A new social media phishing scam campaign has been identified by security researchers at Proofpoint, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials. Mark James, Security Specialist at ESET commented below.
“Cyber criminals often come up with new and different ways to trick the unsuspecting user into releasing their private information. As trends move this way the easiest victim is the one expecting to receive a response. If you target someone out of the blue the chances are it will be unsuccessful, if you are able to respond to someone’s cry for help you are already more than halfway there. Voicing your concerns publicly via social media is increasing more and more as it brings awareness to people’s concerns. Of course companies want to move it away from being public as soon as possible to contain the PR repercussions but the downside is that the user is already expecting a response. Once they get that the thought of it being fake is often far from their minds, we expect some kind of security procedures to be executed so again we are playing right into their hands.
We need to understand that these days sadly not everyone on the internet is who they say they are. Users should take some time to research the official response channels, make sure you know who is going to respond and be very wary of any deviations in names or errors in grammar. It only takes a few minutes to be the victim of fraud or identify theft and cannot be undone. Of course you can cancel cards and change passwords but it’s the inconvenience that causes the most damage in these cases. Also, don’t be afraid to ask questions, get some info from them if you’re concerned and go check it out, come back after you have verified it’s true, 15 or 30 minutes won’t make a lot of difference and if they are genuine they will understand and often encourage it.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.