Hackers Target All The Major UK Banks

Uploaded on 2016-11-04 in BUSINESS-Services-Financial, FREE TO VIEW, NEWS-Cybersecurity News

A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials.

In this case, Proofpoint researchers noted that the hackers operating the Angler phishing campaign were monitoring bank customers' accounts on Twitter. They hijacked conversations users attempted to have with genuine support staff of banks, and redirected customers to a fake support page.

For instance, when a customer tweeted to the genuine Barclay's bank support account (@BarclaysUKHelp), hackers hijacked the request of support by replying with a fake customer support account (@BarclaysHelpUK).

Proofpoint researchers said: "Angler phishing is named after the anglerfish, which uses a glowing lure to bait and eat smaller fish. In this attack, the 'lure' is a fake customer support account that tricks your customers into giving up credentials and other sensitive information."

Social media phishing campaigns have increasingly become popular among hackers looking to gain access to sensitive user data. Proofpoint had previously stated that the firm had seen a 150% rise in social media phishing in 2016. In addition to banks, such campaigns target major brands, especially those that rely heavily on social media to advertise their products and connect with their consumers.

Such phishing campaigns are fairly simple to execute and difficult to defend, especially given that customers are often redirected to authentic seeming fake websites, designed to grab user data when victims unknowingly provide their usernames and passwords.

The fake accounts are generally successful in duping users, especially given that the language and tone used is similar to that of authentic support accounts. Moreover, the fake website is also designed such that it looks similar to authentic login pages commonly used by banks.

"This method of phishing is highly effective because your customers are already expecting a response from your brand. Unfortunately, angler phishing is part of a broader trend in social media fraud," said Proofpoint researchers.

IB Times:            Bank of England: Cyberattacks A 'Clear and Present Danger':

« Cost of Data Breaches Will Keep On Getting Higher
North vs. South: Cyber Warfare In Korea Is Escalating »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

STM

STM

STM provides system engineering, technical support, project management, technology transfer and logistics support services for the Turkish Armed Forces.

TypingDNA

TypingDNA

TypingDNA uses AI to recognise people by the way they type on desktop keyboards and mobile devices.

ReconaSense

ReconaSense

ReconaSense helps protect people, assets, buildings and cities with its next-gen access control and converged physical security intelligence platform.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

TierPoint

TierPoint

TierPoint delivers secure, reliable, and connected infrastructure solutions at the internet’s edge. We meet you where you are in your journey to solve for data storage, compute, and recovery.

SecureData

SecureData

SecureData provide professional data recovery services, digital forensics, data recovery software and FIPS 140-2 Level 3 Validated hardware encrypted drives.

Superus Careers - Cyber Career Exchange

Superus Careers - Cyber Career Exchange

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Pangu Laboratory

Pangu Laboratory

Beijing Qi an Pangu Laboratory Technology Co., Ltd. was established on the basis of Pangu laboratory, a well-known cyber security team.

Nagomi Security

Nagomi Security

Nagomi is changing the way security teams balance risk and defense, empowering customers to focus on what matters now.

Opkalla

Opkalla

We started Opkalla because we believe IT professionals deserve better. We help our clients navigate the confusion in the marketplace and choose the solution that is right for your business.

Hudson Rock

Hudson Rock

Hudson Rock’s products — Cavalier & Bayonet — are powered by our cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.