Cybercriminals Spoof Every Major UK Bank, Masquerade as Branded Customer Service Twitter Accounts

October 25, 2016
Celeste Kinswood

We last wrote about angler phishing social media scams this summer, when hackers used fake social media accounts to target PayPal customers and steal their credentials. This is part of a growing threat: social media phishing grew more than 100% between Q2 and Q3 of 2016. And now we’re seeing a new series of attacks targeting customers of major UK banks.

Angler phishing is named after the anglerfish, which uses a glowing lure to bait and eat smaller fish. In this attack, the “lure” is a fake customer support account that tricks your customers into giving up credentials and other sensitive information.

Cyber criminals create convincing fake customer service accounts with a handle similar to your real customer support account. Then they wait for customers to reach out to your real account with a help request. When your customer tries to contact your brand, the criminal hijacks the conversation by responding with a bogus customer support link sent from the fake support page.

In the example below, a customer tweets at the real Barclays handle, @BarclaysUKHelp, asking for help with a student banking question. The response comes from a fake customer support account, @BarclaysHelpUK.

Interaction between a customer and a fraudulent customer support account.

The link in the fraudulent response leads to a lookalike login page intended to collect the customer’s online credentials.

Fake login page used as part of an angler phishing attack.
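As an added example (not code from the original post), here is a small Python check a brand's social media or security team could run over the replies to a customer's tweet. It flags accounts whose handle reuses the words of the official handle in a different order, as @BarclaysHelpUK does with @BarclaysUKHelp, or whose handle is a close string match, and notes whether the reply carries a link. The official-handle list and the sample replies are constructed for this example.

```python
import re
from difflib import SequenceMatcher

# Constructed list of the brand's genuine support handles (no leading '@').
OFFICIAL_HANDLES = {"BarclaysUKHelp"}


def tokens(handle):
    """Split a CamelCase/underscore handle into lowercase word tokens.
    'BarclaysHelpUK' -> ['barclays', 'help', 'uk']; 'BarclaysUKHelp' -> ['barclays', 'uk', 'help']."""
    parts = re.findall(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d+", handle.replace("_", " "))
    return [p.lower() for p in parts]


def lookalike_score(candidate, official):
    """Classify how closely a candidate handle imitates an official one.
    Returns (kind, similarity) where kind is one of
    'official', 'token-reorder', 'near-match' or 'unrelated'."""
    c, o = candidate.lstrip("@"), official.lstrip("@")
    if c.lower() == o.lower():
        return ("official", 1.0)
    # Same words, shuffled: the pattern used by the fake account in this post.
    if sorted(tokens(c)) == sorted(tokens(o)):
        return ("token-reorder", 1.0)
    ratio = SequenceMatcher(None, c.lower(), o.lower()).ratio()
    if ratio >= 0.8:  # threshold is an assumption; tune for the brand's handle length
        return ("near-match", ratio)
    return ("unrelated", ratio)


def flag_suspicious_replies(replies, official=OFFICIAL_HANDLES):
    """Return alerts for replies from accounts that imitate an official handle.
    Each reply is a dict with 'author' and 'text'."""
    official_lower = {h.lower() for h in official}
    alerts = []
    for reply in replies:
        author = reply["author"].lstrip("@")
        if author.lower() in official_lower:
            continue  # genuine support account
        has_link = bool(re.search(r"https?://", reply["text"]))
        for o in official:
            kind, _ = lookalike_score(author, o)
            if kind in ("token-reorder", "near-match"):
                alerts.append({"author": reply["author"], "impersonates": "@" + o,
                               "kind": kind, "has_link": has_link})
    return alerts


# Constructed sample replies to a customer's help request.
SAMPLE_REPLIES = [
    {"author": "@BarclaysUKHelp", "text": "Hi, happy to help with your student account. Please DM us."},
    {"author": "@BarclaysHelpUK", "text": "Please verify your account here: http://login.example.invalid/"},
    {"author": "@random_user42", "text": "Had the same question last week!"},
]
```

Running `flag_suspicious_replies(SAMPLE_REPLIES)` yields a single alert for @BarclaysHelpUK, classed as a token reorder of @BarclaysUKHelp and carrying a link.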

This method of phishing is highly effective because your customers are already expecting a response from your brand. Unfortunately, angler phishing is part of a broader trend in social media fraud. In our recent Social Media Brand Fraud Report, we discovered that 19% of social media accounts associated with ten top global brands are fake.

To learn more about how you can protect your customers and your brand from angler phishing, visit go.proofpoint.com/angler-phishing.