EE, the first 4G network in the UK, uses Twitter to communicate with its customers and tries to help them out as best as possible without their having to call customer services. Results so far have been rather mixed, and a lot of people (myself included) never got a reply, but they have helped quite a few customers out. They go by the handle @EE, and this account is verified, so you know it is them.
However, over the last few days a new account called @EESupport has been set up and has been confusing a lot of customers with sarcastic comments and wrong information, leading to quite a few unhappy people. It is worth pointing out straight away that this is NOT an official EE account; someone set it up to see how easy it was to fake a large brand online.
The reason they did this was that EE were asking customers to DM them mobile numbers, dates of birth and even passwords over Twitter, which could be seen as not the most secure way to pass on vital account information that could cause havoc in the wrong hands.
The creator of the account has since posted a message for everyone saying:
I awoke this morning to find that my twitter feed had exploded with news of @EE asking users to DM their passwords to them. This sparked a concern for me, I thought to myself “What if someone else was to impersonate a network such as EE and ask users for personal information?” I thought back to earlier in the week, when one of my friends created a parody of O2’s Twitter Support @MyO2Care. His account was eventually suspended. I thought about this for a while then decided to create my own parody account of EE: @MyEECare.
I went onto twitter and registered, then I copied and pasted EE’s biography and added “Fictional” to the end of it. Then I grabbed their Profile Picture, Header Image and Background and uploaded them to my own. My work was done, @MyEECare was ready.
I went over to @EE’s mentions and started replying to people, I continued this all night (Some people I genuinely sorted things out for!) The amount of people who genuinely believed this was a genuine EE Twitter astounded me, reflecting on it though why would it? It looks identical, the only difference was it wasn’t verified – How many people genuinely check if an account is verified? I started pushing it as far as I could and started replying sarcastic witty remarks. Eventually I was caught out and reported as a fake and @MyEECare was over.
But that wasn’t the end of it. I then registered @EESupport! I was really surprised this was available, like would it have been too hard for EE to register all similar usernames to prevent this kind of thing? Clearly not! I continued what I was doing earlier and just replied to people, some I helped, some I annoyed. Still though many genuinely believed this was an official account! It was absolutely crazy. Unfortunately I wasn’t thinking and didn’t record any statistics for you statistic lovers.
This is a genuine issue which really needs investigated thoroughly. If I easily impersonated a national phone network and convinced a large group of people that I was in fact real I easily could’ve asked for personal details. Some would presume if a parody account asked for personal details they would be quickly suspended! Apparently not as the genuine @EE account has been asking for certain numbers out of people’s passwords – Suggesting they have them on file to verify their identity (Meaning they’re not encrypted). This in itself is crazy. Troy Hunt wrote an excellent article on this here http://www.troyhunt.com/2012/12/ee-k-dming-your-password-is-never-good.html?m=1#update1 and even gave us a mention!
Whether you agree or disagree with his actions, please take note that @EESupport is NOT an official EE account. If you wish to contact them, please do so on @EE.
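The quoted post's point about being asked for individual characters of a password can be shown in code. The following is an added example, not part of the original post and not a description of EE's systems: a whole-password salted hash can only confirm a complete guess, while a scheme that can check single positions (the per-character table here is hypothetical, as are all names and the sample password) gives up the whole password in a few hundred hashes if the table leaks.

```python
import hashlib
import hmac
import os
import string

ALPHABET = string.ascii_lowercase + string.digits  # constructed demo alphabet (36 symbols)

def hash_password(password: str, salt: bytes) -> bytes:
    """Whole-password storage: one salted, slow hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_full(candidate: str, salt: bytes, stored: bytes) -> bool:
    """The only question this storage can answer: is the entire password right?"""
    return hmac.compare_digest(hash_password(candidate, salt), stored)

def position_hash(salt: bytes, index: int, char: str) -> bytes:
    """Salted hash of a single character bound to its position."""
    return hashlib.sha256(salt + index.to_bytes(2, "big") + char.encode()).digest()

def per_char_records(password: str, salt: bytes) -> list[bytes]:
    """Hypothetical storage that permits 'give me characters 2 and 5' checks."""
    return [position_hash(salt, i, ch) for i, ch in enumerate(password)]

def recover_from_records(records: list[bytes], salt: bytes) -> tuple[str, int]:
    """What a leaked per-character table gives away: every position is guessed
    independently, so the cost is at most len(password) * len(ALPHABET) hashes."""
    recovered, attempts = [], 0
    for i, record in enumerate(records):
        for ch in ALPHABET:
            attempts += 1
            if hmac.compare_digest(position_hash(salt, i, ch), record):
                recovered.append(ch)
                break
        else:
            recovered.append("?")  # character outside the demo alphabet
    return "".join(recovered), attempts

if __name__ == "__main__":
    salt = os.urandom(16)
    password = "tr0ub4dor9"  # constructed sample value
    stored = hash_password(password, salt)
    # A guess that is right only at positions 2 and 5 cannot be confirmed
    # against whole-password storage; it is simply rejected.
    print(verify_full("xrxxbxxxxx", salt, stored))
    # The per-character table, by contrast, yields the full password.
    print(recover_from_records(per_char_records(password, salt), salt))
```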