Hackers Target All The Major UK Banks

Uploaded on 2016-11-04 in BUSINESS-Services-Financial, FREE TO VIEW, NEWS-Cybersecurity News

A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials.

In this case, Proofpoint researchers noted that the hackers operating the Angler phishing campaign were monitoring bank customers' accounts on Twitter. They hijacked conversations users attempted to have with genuine support staff of banks, and redirected customers to a fake support page.

For instance, when a customer tweeted to the genuine Barclay's bank support account (@BarclaysUKHelp), hackers hijacked the request of support by replying with a fake customer support account (@BarclaysHelpUK).

Proofpoint researchers said: "Angler phishing is named after the anglerfish, which uses a glowing lure to bait and eat smaller fish. In this attack, the 'lure' is a fake customer support account that tricks your customers into giving up credentials and other sensitive information."

Social media phishing campaigns have increasingly become popular among hackers looking to gain access to sensitive user data. Proofpoint had previously stated that the firm had seen a 150% rise in social media phishing in 2016. In addition to banks, such campaigns target major brands, especially those that rely heavily on social media to advertise their products and connect with their consumers.

Such phishing campaigns are fairly simple to execute and difficult to defend, especially given that customers are often redirected to authentic seeming fake websites, designed to grab user data when victims unknowingly provide their usernames and passwords.

The fake accounts are generally successful in duping users, especially given that the language and tone used is similar to that of authentic support accounts. Moreover, the fake website is also designed such that it looks similar to authentic login pages commonly used by banks.

"This method of phishing is highly effective because your customers are already expecting a response from your brand. Unfortunately, angler phishing is part of a broader trend in social media fraud," said Proofpoint researchers.

IB Times:            Bank of England: Cyberattacks A 'Clear and Present Danger':

« Cost of Data Breaches Will Keep On Getting Higher
North vs. South: Cyber Warfare In Korea Is Escalating »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIIS Cyber Initiative

MIIS Cyber Initiative

The Cyber Initiative's mission is to assess the impact of the information age on security, peace and communications.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Swimlane

Swimlane

Swimlane is a leader in security automation and orchestration (SAO). Our platform empowers organizations to manage, respond and neutralize cyber threats with adaptability, efficiency and speed.

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

Perseus Cyber Security

Perseus Cyber Security

Perseus provides all-around digital protection for small and medium-sized businesses through state-of-the-art software solutions, flexible online training and emergency response.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

Flix11

Flix11

Flix11 is a Cyber Security & ICT Solutions focused company. We provide a range of products and services in Cyber Security, Internet of Things (IoT) and infrastructure solutions.

MailChannels

MailChannels

MailChannels protects companies against malicious email threats. Used by 750+ hosting providers around the world.

Association of Azerbaijani Cyber Security Organizations (AKTA)

Association of Azerbaijani Cyber Security Organizations (AKTA)

The Association of Azerbaijani Cyber Security Organizations (AKTA) is a non-commercial organization aimed at strengthening the country's cybersecurity system.

Oak9

Oak9

Oak9's Security as Code platform dynamically secures Infrastructure as Code (IaC) and deployed cloud workloads, automatically.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.

CallCabinet

CallCabinet

CallCabinet is the premier cross-platform SaaS provider for end-to-end compliant call recording, AI-driven conversation analytics, call QA, and custom business intelligence reporting.

Attura

Attura

Atturra is one of Australia's leading advisory and IT solutions providers, focused on providing end-to-end transformation services to its clients.

Cure53

Cure53

Cure53 offers classic black-box penetration tests (zero-knowledge) as well as white-box tests and code audits.