Embarrassed, angry, victimized. Those are just a few of the words my friend uses to describe his recent run-in with a cybercriminal who used a hacked Twitter account to scam people out of hundreds of dollars. Twitter, meanwhile, ignored his pleas for help. That’s when I got involved.
After Tim Utzig lost $1,000 to a fraudster who tricked him using a hacked Twitter account, I asked an expert in social engineering and hunting scammers to help. Ultimately, we tracked down the suspected culprits and identified a network of apparent scammers and money mules expertly swindling people out of their savings. This scamming saga shows how fraudsters use social media, build a network of people to operate different payment accounts, and apply effective techniques to bilk their victims.
It also shows the additional challenges that blind users like Utzig face on the internet and how they are at higher risk of exploitation by indiscriminate online criminals.
Inaccessible and Unacceptable
On May 23, Utzig realized he’d been scammed. He was gearing up for a journalism master’s program at the City University of London and happened to be in the market for a new laptop. By coincidence, someone using the Twitter account of longtime Baltimore sports reporter Roch Kubatko tweeted that they had a new Apple laptop for sale. Utzig trusted Kubatko, whom he’d previously met, and the tweet seemed innocent—and arrived at the perfect moment. So Utzig responded to the tweet with a DM.
Utzig uses a screen reader to navigate the internet and social media apps, including Twitter. A sighted person may have observed oddities in the initial tweet and profile, but the screen reader did nothing to alert Utzig about a key fact: Kubatko’s Twitter account had been hacked, and the person he was talking to wasn’t Kubatko.
“I feel like people with disabilities as a whole are more susceptible to online fraud—screen readers are just one of the methods used by a population who are visually impaired or blind to assist in using technology,” Utzig says. “You’re going to miss certain visual cues that might signify fraud, such as someone changing their profile picture to something different, and the screen reader won’t pick up on it.”
Screen readers also often don’t vocalize misspellings, inaudible grammatical errors, or typography such as fully capitalized words that a sighted person may see as suspicious. And the alternative text on image descriptions, which are manually applied by the individual sharing the content, is the only way a screen reader can describe an image.
Then there’s Twitter itself. Check marks are now effectively useless, especially if you’re blind. Since Twitter changed its verification system under Elon Musk’s ownership, the blue tick that used to be a reliable sign of identity can now be obtained by pretty much anyone. A screen reader will call the Twitter Blue check mark “verified” as before, but the blind user can no longer rely on it as much as they once did.
Recent moves by Twitter concern accessibility advocates. Last year, Twitter laid off its accessibility team, which was responsible for ensuring the platform was usable for people with disabilities, and restrictions on Twitter’s API broke some tools and resources used by blind people. These changes prompted the National Federation of the Blind to move away from Twitter and create a Mastodon server, which the group says is more friendly and accessible for blind users.