Hackers Target All The Major UK Banks

Uploaded on 2016-11-04 in BUSINESS-Services-Financial, FREE TO VIEW, NEWS-Cybersecurity News

A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials.

In this case, Proofpoint researchers noted that the hackers operating the Angler phishing campaign were monitoring bank customers' accounts on Twitter. They hijacked conversations users attempted to have with genuine support staff of banks, and redirected customers to a fake support page.

For instance, when a customer tweeted to the genuine Barclay's bank support account (@BarclaysUKHelp), hackers hijacked the request of support by replying with a fake customer support account (@BarclaysHelpUK).

Proofpoint researchers said: "Angler phishing is named after the anglerfish, which uses a glowing lure to bait and eat smaller fish. In this attack, the 'lure' is a fake customer support account that tricks your customers into giving up credentials and other sensitive information."

Social media phishing campaigns have increasingly become popular among hackers looking to gain access to sensitive user data. Proofpoint had previously stated that the firm had seen a 150% rise in social media phishing in 2016. In addition to banks, such campaigns target major brands, especially those that rely heavily on social media to advertise their products and connect with their consumers.

Such phishing campaigns are fairly simple to execute and difficult to defend, especially given that customers are often redirected to authentic seeming fake websites, designed to grab user data when victims unknowingly provide their usernames and passwords.

The fake accounts are generally successful in duping users, especially given that the language and tone used is similar to that of authentic support accounts. Moreover, the fake website is also designed such that it looks similar to authentic login pages commonly used by banks.

"This method of phishing is highly effective because your customers are already expecting a response from your brand. Unfortunately, angler phishing is part of a broader trend in social media fraud," said Proofpoint researchers.

IB Times:            Bank of England: Cyberattacks A 'Clear and Present Danger':

« Cost of Data Breaches Will Keep On Getting Higher
North vs. South: Cyber Warfare In Korea Is Escalating »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Mobile Guroo

Mobile Guroo

Mobile Guroo is a strategy and systems integrator for Enterprise Mobility Management projects.

Casaba Security

Casaba Security

Casaba are specialists in software security providing managed Software Development Lifecycle services as well as products for security testing.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

Cipher Security

Cipher Security

Cipher Security provides unique robustness tests and penetration tests, as well as customizable development services for vendors and providers.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

NNIT

NNIT

NNIT​ is one of Denmark’s leading consultancies in IT development, implementation and operations, including cyber security.

PKWARE

PKWARE

PKWARE is a global leader in business data security, providing encryption and compression solutions to enterprise customers and government entities around the world.

RevenueStream

RevenueStream

RevenueStream uses an innovative algorithmic approach to intercept and prevent payment fraud before it even happens.

NSIDE Attack Logic

NSIDE Attack Logic

NSIDE Attack Logic simulates real-world cyber attacks to detect vulnerabilities in corporate networks and systems.

IPQualityScore (IPQS)

IPQualityScore (IPQS)

IPQS anti-fraud tools provide a real-time fraud score to analyze how likely a user or visitor is to engage in fraudulent behavior.

Right-Hand Cybersecurity

Right-Hand Cybersecurity

Right-Hand Cybersecurity empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time.

BlackDice Cyber

BlackDice Cyber

Threat Intelligence is only part of the solution. Our solution matches threats to vulnerabilities and automatically takes remedial action against compromised apps, devices and websites.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.

Windstream

Windstream

Windstream is a leading provider of advanced network communications and technology solutions for consumers, small businesses, enterprise organizations and carrier partners across the US.