Cybercrooks are posing as customer support staff from UK banks in a ruse designed to hoodwink gullible customers out of their credentials.
The social media phishing scam relies on the creation of bogus Twitter profiles, such as @BarclaysHelpUK (a real example, now suspended). Customers are already expecting a response from a targeted brand, so the response rate to so-called Angler phishing attacks can be high, email security firm Proofpoint warns.
Cybercriminals create convincing fake customer service accounts with a handle similar to the brand's real customer support account, then wait for customers to reach out to the real account with a help request.
When a customer tries to contact the brand, the criminal hijacks the conversation by replying from the fake support account with a bogus customer support link, which leads to a page that harvests the customer's credentials.
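How a brand's own security team might spot this pattern on its support threads, as an added example rather than anything from Proofpoint's report or the article: the Python below takes a constructed batch of replies and flags unverified accounts whose handle is a near-match for an official one (edit similarity, or the brand name bolted onto a support word) and which push a link into the conversation. The official handles, support words, sample replies and the `verified` field are assumptions made up for the example.

```python
import re
from difflib import SequenceMatcher

# Handles the brand actually controls (constructed for this example, not a real allowlist).
OFFICIAL_HANDLES = {"BarclaysUK", "BarclaysUKHelp"}

# Words impersonators bolt onto a brand name so the handle reads as "support".
SUPPORT_WORDS = ("help", "support", "care", "team", "ask", "service", "uk")

# Crude link detector: explicit URLs or bare domain-looking tokens.
URL_RE = re.compile(
    r"https?://\S+|\b[\w-]+(?:\.[\w-]+)*\.(?:com|net|org|info|xyz|example|co\.uk)\b", re.I
)

# Constructed sample replies posted into a thread where a customer tweeted at the bank.
SAMPLE_REPLIES = [
    {"author": "@BarclaysUKHelp", "verified": True,
     "text": "Sorry to hear that. Please DM us your postcode and we'll take a look."},
    {"author": "@BarclaysHelpUK", "verified": False,
     "text": "Hi, we can fix this right now. Please verify your account here: "
             "http://barclays-secure-login.example/verify"},
    {"author": "@Barclays_Help", "verified": False,
     "text": "Apologies for the trouble, we are on it."},
    {"author": "@jane_doe_1984", "verified": False,
     "text": "Same problem here, the app has been down all morning."},
]


def normalise(handle):
    """Lower-case, drop the @ and any separators so Barclays_Help and barclayshelp compare equal."""
    return re.sub(r"[^a-z0-9]", "", handle.lstrip("@").lower())


def brand_stem(handle):
    """Peel support-style suffixes off an official handle to recover the bare brand name."""
    stem = normalise(handle)
    stripped = True
    while stripped:
        stripped = False
        for word in SUPPORT_WORDS:
            if stem.endswith(word) and len(stem) > len(word) + 2:
                stem = stem[: -len(word)]
                stripped = True
    return stem


OFFICIAL_NORM = {normalise(h) for h in OFFICIAL_HANDLES}
BRAND_STEMS = {brand_stem(h) for h in OFFICIAL_HANDLES}


def handle_similarity(handle):
    """Best edit-similarity (0..1) between this handle and any official one."""
    h = normalise(handle)
    return max(SequenceMatcher(None, h, official).ratio() for official in OFFICIAL_NORM)


def brand_plus_support_word(handle):
    """True if the handle contains the brand name plus a support-style word, e.g. barclayshelpuk."""
    h = normalise(handle)
    for stem in BRAND_STEMS:
        if stem in h:
            rest = h.replace(stem, "", 1)
            if any(word in rest for word in SUPPORT_WORDS):
                return True
    return False


def assess_reply(reply, similarity_threshold=0.8):
    """Classify one reply as 'official', 'suspect', 'watch' or 'benign', with the reasons."""
    author = reply["author"]
    if normalise(author) in OFFICIAL_NORM:
        return "official", ["author is an official handle"]

    reasons = []
    similarity = handle_similarity(author)
    if similarity >= similarity_threshold:
        reasons.append(f"handle is {similarity:.2f} similar to an official handle")
    if brand_plus_support_word(author):
        reasons.append("handle combines the brand name with a support word")
    if not reasons:
        return "benign", reasons

    # An unverified lookalike that pushes a link into the thread is the angler pattern.
    if not reply.get("verified", False):
        reasons.append("account is not verified")
    if URL_RE.search(reply["text"]):
        reasons.append("reply carries a link")
        return "suspect", reasons
    return "watch", reasons  # lookalike with no link yet: keep an eye on it


def triage(replies):
    """Return {author: verdict} for a batch of replies."""
    return {r["author"]: assess_reply(r)[0] for r in replies}


if __name__ == "__main__":
    for reply in SAMPLE_REPLIES:
        verdict, reasons = assess_reply(reply)
        print(f"{reply['author']:<18} {verdict:<8} {'; '.join(reasons)}")
```

Running it prints one verdict per sample reply. The handle comparison carries the weight; the verified badge is only a tiebreaker because a determined impersonator can sometimes obtain one, and the threshold is worth tuning against the brand's own handle length. Legitimate third-party accounts (fan pages, partner firms) will land in the "watch" bucket from time to time, which is why that bucket exists instead of treating every lookalike as a takedown request.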
Previous attempted frauds along the same lines sought to defraud PayPal account holders. Social media phishing in general more than doubled between Q2 and Q3 of 2016, according to Proofpoint.
Mark James, security specialist at anti-malware firm ESET, said it’s not hard to see how the approach would be successful.
“Voicing your concerns publicly via social media is increasing more and more, as it brings awareness to people’s concerns,” James said. “Of course companies want to move it away from being public as soon as possible to contain the PR repercussions, but the downside is that the user is already expecting a response.
“Once they get that, the thought of it being fake is often far from their minds; we expect some kind of security procedures to be executed, so again we are playing right into their hands,” he added. ®