Twitter Ads Fraud, Not What You Think

In November 2018 I experienced a kind of hacking of my Twitter Ads account and fraudulent use of my credit card, that most people don’t really expect, and isn’t well covered.  Hopefully, this post will be informative to others.

Somebody (maybe a person, maybe a bot) gained access to my Twitter Account.  They made (as far as I can tell) just one tweet, which was an ad, seemingly to another twitter account.  I found out about this, because my credit card was billed by Twitter Ads for around $700, which I never authorized.  I had used Twitter Ads to promote my own sites, for a much smaller amount of money, some months previous.  Naturally, I immediately logged into my Twitter Ads account, where I found there was a campaign, I had never authorized.  I promptly tried to contact somebody at Twitter.  Sadly, it’s pretty much impossible to find a human being.  There are no phone numbers to talk to a person.  All of the Twitter “help” does is just give some useless generic FAQ answer.

When I submitted a request for help, I found all I could get was generic/canned responses by email.  They are either fully or partly automated, and show no sign of a intelligent independent thinking person writing out text.  Rather, all the responses, were canned, and never fit this specific issue.  Their primary response was as follows:

As per our policies, we are only able to process due to billing or technical errors. After thoroughly investigating this issue, we’ve confirmed no billing or technical errors on our end occurred in this case, therefore, we are unable to process your refund request at this time.

So, upon learning of fraudulent billing, and an account being hacked, they decided to do nothing, and keep the money stolen from my credit card.  I strongly suspect the same hacker that did this also did it to other accounts in the past, and will do it to others.  Twitter could use access logs to show the IP of the hacker, the target of the tweet/ad of the hacker, and other information that only they have, to identify other users who have been victimized.  They haven’t done that.  They are perfectly happy to collect stolen money.  I find this quite disturbing.

I contested this, and I was told this wasn’t an issue for the Ads department, but I was sent to a link at Twitter for hacked accounts that a person was locked out of, which wasn’t relevant, since I wasn’t locked out (I obviously, changed my password upon discovery of the problem).    As of this posting, Twitter has not acknowledged the actual problem, or shown any sign of launching an investigation.

I would strongly urge anybody with a credit card on file with Twitter Ads to immediately remove all payment methods, carefully review your credit card statements, and avoid doing business with Twitter.

It’s been hard to find information on this precise topic.  There’s lots and lots to read about Twitter Ads fraud of course, which is pretty much like any Pay-Per-Click fraud.  That’s where you create ads, and obviously agree to pay, and some bot (or sock puppet) clicks on your ads fraudulently.  That wasn’t the case here.  I never authorized the ad.

It’s also to easy find lots about twitter accounts being hacked.  But, generally that’s for the typical user, who doesn’t have a Twitter Ads account, but is just a regular user, that has somebody post a bunch of spammy garbage on their account, maybe impersonate them, and possibly lock them out.  While somebody did gain access to my account, they only posted a single tweet (plus some replies to it), and didn’t lock me out (so I could log in, and change my password, and disable any authorizations for apps accessing my account).

The one saving grace, that has worked out, is that my credit card issuer, Tangerine Bank, helped me out, and agreed to reverse the charges on my card, and will re-issue a new credit card to me.  They will also communicate the issues to Twitter, hopefully getting a better response.  I was so happy to be able to get hold of actually human beings, who actually listened to what I said, and worked to resolve the matter as efficiently as possible.  This is better than some banks, which will try to send a person back to the merchant that charged the card.  It’s ironic that Tangerine, which is a branch-less online-oriented bank, offers more helpful human service than most traditional brick and mortar banks.