Scammers are now using Twitter as their new platform. They lure in individuals looking for customer support by interjecting themselves into legitimate conversations customers are having with their financial vendors, offering friendly chatter and a link that directs the customer to a phishing page designed to harvest their financial credentials.
Who are the targets?
The scammers are focusing on financial institutions that interact with their customers through social media. The attack occurs right after a financial company tweets a reply to a customer. The cyber criminals then engage that customer; their answers vary with the question being asked, and before ending the conversation they direct the victim into taking "additional measures".
On Twitter, someone – or perhaps a group of people – is following the support accounts of large financial institutions and watching their interactions with customers. Depending on the question(s) asked, the scammers respond to the customer (usually after the official account has) and direct them to take 'additional' measures.
Here are two examples of this cybercrime being committed:
- NatWest is a large commercial and retail bank in the U.K. A customer who had login problems with their NatWest account was assisted by an official NatWest customer service associate. Two hours after the official reply, the scammer directed the customer to a website and asked them to verify their login identity so they could "reset their password".
- The second victim was a customer of Nationwide Building Society, a large British bank, who was asking about a special cashback promotion. The customer received an answer from the official Nationwide customer service account, and then the scammers continued the conversation. The attack involved a link requesting that the customer "validate their account" to check their cashback offers.
How is it done?
The scammers make their messages to unsuspecting customers look convincing (social engineering) by using Twitter names that mimic the real financial support accounts and adding other details so that they appear genuine and authentic.
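The two signals described above, a handle that closely resembles the official support account and a link that points away from the bank's own domain, can be checked automatically by a bank's social media or fraud team. The following is an added example written for this article, not code from the article or from any bank; the support handle, the trusted domain and the sample replies are all constructed placeholders.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed placeholders: the bank's genuine support handle and its own web domain.
OFFICIAL_HANDLES = {"ExampleBankHelp"}
TRUSTED_DOMAINS = {"examplebank.test"}

# Character swaps commonly used to build lookalike handles (digit-for-letter,
# inserted underscores). Mapping to "" deletes the character.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "_": ""})

URL_RE = re.compile(r"https?://\S+")


def normalize_handle(handle):
    """Strip the @, lower-case, and undo common lookalike substitutions."""
    return handle.lstrip("@").lower().translate(HOMOGLYPHS)


def similarity(handle, official):
    """0.0..1.0 similarity between a handle and an official one after normalisation."""
    return SequenceMatcher(None, normalize_handle(handle), normalize_handle(official)).ratio()


def is_trusted_host(host):
    """A host is trusted if it is a bank domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def untrusted_hosts(text):
    """Return the hosts of all links in the text that are not on a bank domain."""
    hosts = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host and not is_trusted_host(host):
            hosts.append(host)
    return hosts


def classify_reply(reply, threshold=0.8):
    """Classify one reply in a support thread.

    Verdicts:
      official   - posted by the genuine support account
      suspicious - lookalike handle AND a link off the bank's domain
      review     - only one of the two signals is present
      benign     - neither signal
    """
    bare = reply["handle"].lstrip("@").lower()
    if bare in {h.lower() for h in OFFICIAL_HANDLES}:
        return {"verdict": "official", "similarity": 1.0, "untrusted_hosts": []}

    best = max(similarity(reply["handle"], h) for h in OFFICIAL_HANDLES)
    hosts = untrusted_hosts(reply["text"])
    lookalike = best >= threshold

    if lookalike and hosts:
        verdict = "suspicious"
    elif lookalike or hosts:
        verdict = "review"
    else:
        verdict = "benign"
    return {"verdict": verdict, "similarity": round(best, 2), "untrusted_hosts": hosts}


# Constructed sample thread: an official answer, a lookalike follow-up, a bystander.
SAMPLE_REPLIES = [
    {"handle": "@ExampleBankHelp", "text": "Sorry to hear that. Please DM us and we will look into it."},
    {"handle": "@ExampleBank_He1p", "text": "Hi! To reset your password please verify here: https://examplebank-verify.test/reset"},
    {"handle": "@random_user", "text": "Same issue here, hope they fix it soon."},
]


def triage(replies):
    """Classify every reply in a thread, keeping the handle alongside the verdict."""
    return [{"handle": r["handle"], **classify_reply(r)} for r in replies]


if __name__ == "__main__":
    for row in triage(SAMPLE_REPLIES):
        print(row)
```

The homoglyph table only covers the substitutions listed in it; a real deployment would extend it and tune the similarity threshold against the bank's own handles. The verdicts are meant to prioritise a human reviewer's queue, not to block accounts on their own.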
What have the banks done?
The banks continue to send out warnings to their customers.
Ways to prevent this from happening to you
- Don't give out sensitive information to anyone, even through public channels that appear to be verified customer service or customer support accounts.
- Do not click URL links. If you do click a link and are brought to a phishing page, contact your bank immediately and change all of your login information.
- If your account is hacked, go to the bank or phone them as soon as you know, and ask what you should do next.
- Social media is a great place to contact businesses that meet your personal needs, but be wary of potential attacks such as URL links that ask for personal login information.