A new social media phishing scam campaign has been identified by security researchers at Proofpoint, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials. Mark James, Security Specialist at ESET commented below.
Mark James, Security Specialist at ESET:
“Cyber criminals often come up with new and different ways to trick the unsuspecting user into releasing their private information. As trends move this way the easiest victim is the one expecting to receive a response. If you target someone out of the blue the chances are it will be unsuccessful, if you are able to respond to someone’s cry for help you are already more than halfway there. Voicing your concerns publicly via social media is increasing more and more as it brings awareness to people’s concerns. Of course companies want to move it away from being public as soon as possible to contain the PR repercussions but the downside is that the user is already expecting a response. Once they get that the thought of it being fake is often far from their minds, we expect some kind of security procedures to be executed so again we are playing right into their hands.
We need to understand that these days sadly not everyone on the internet is who they say they are. Users should take some time to research the official response channels, make sure you know who is going to respond and be very wary of any deviations in names or errors in grammar. It only takes a few minutes to be the victim of fraud or identify theft and cannot be undone. Of course you can cancel cards and change passwords but it’s the inconvenience that causes the most damage in these cases. Also, don’t be afraid to ask questions, get some info from them if you’re concerned and go check it out, come back after you have verified it’s true, 15 or 30 minutes won’t make a lot of difference and if they are genuine they will understand and often encourage it.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.