Good Twitter Samaritans accidentally prevent shoeshine scam

Good Twitter Samaritans accidentally prevent shoeshine scam

A few days ago, Indian news portals were buzzing with tales of a well-worn shoeshine scam making its way into social media. It’s a great example of how good-natured gestures can unwittingly aid scammers when we combine high-visibility accounts with potential lack of fact checking. Thankfully, it comes with a happy ending for a change.

What happened?

A Twitter user dragged this offline scam into the digital realm by mentioning that they’d run into an individual claiming to be a shoeshine boy. The scam goes as follows: They gently insist on shining your shoes, they refuse any money offered unrelated to said shoe shining (“I’m not begging”), and then they get to work.

While shining the shoes, eventually they mention that their life would change if they could get a shoeshine box. As the discussion continues, they pick the right moment to shift gears, and before you know it, they’re telling you to take them to a specific shop a small journey away, and the confused person with the sparkling shoes is handing over about US$25.

The scam here is that once the victim has gone, the scammer goes back to the shop and gives half the money back. It’s a smart piece of social engineering on the part of the scammer. Aside from anything else, “Please come with me to this random location 15 minutes away” isn’t a safe thing to do at the best of times.

What happened after this hit social media?

Glad you asked. This rather old scam may have played out the same way it always has, except the Twitter user mentioned above caught the attention of some big follower accounts. Hoping to assist the suspect shoeshine boy in their quest to get a shoeshine box, actress Parineeti Chopra went a little further and started mentioning the possibility of job offers. Given her account currently has 13.2 million followers, that’s a massive chunk of syndication for a fakeout.

As we’ve seen many times in the past, this could’ve just as easily been a malware scam, or a phish, or some other awful wheeze at the victim’s expense. When you’re blasting out content to that many people, one hopes it’d be checked beforehand. Alas, it was not. Would the person contacted by the scammer fall for it? Or would things take a different turn?

To the rescue

Weirdly, it took the multi-million follower actress Tweeting out a “help this person” comment for other people to point out that it was a fake [1], [2]. If she hadn’t, the person who first mentioned it might have been parted with their cash.

You can see video of an actual encounter with someone who (it is claimed) is the same individual from the most recent anecdote. Essentially, if you’re in India and you’re approached for a shoeshine: fine. If there’s a sudden mention of shoeshine boxes and immediate trips to another location: politely decline and be on your way.

Summer is here…and so are the scams

This is an interesting case where unintentionally amplifying a scam actually helped to bring it down. You see that happen a fair bit in tech-centric realms, especially with so many scam hunters online and lurking on social media. However, this isn’t quite so common with real-world scams and certainly doesn’t typically play out in real time.

So-called fake news and other forms of misinformation can be incredibly damaging, and it doesn’t have to be at the international level. More commonplace scams targeting regular web users can be just as harmful on an individual level. Given summer is indeed upon us, it’s a good reminder to try and steer clear of scams whether online, offline, or a mixture of both.

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.