Hackers Target All The Major UK Banks

Uploaded on 2016-11-04 in BUSINESS-Services-Financial, FREE TO VIEW, NEWS-Cybersecurity News

A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials.

In this case, Proofpoint researchers noted that the hackers operating the Angler phishing campaign were monitoring bank customers' accounts on Twitter. They hijacked conversations users attempted to have with genuine support staff of banks, and redirected customers to a fake support page.

For instance, when a customer tweeted to the genuine Barclay's bank support account (@BarclaysUKHelp), hackers hijacked the request of support by replying with a fake customer support account (@BarclaysHelpUK).

Proofpoint researchers said: "Angler phishing is named after the anglerfish, which uses a glowing lure to bait and eat smaller fish. In this attack, the 'lure' is a fake customer support account that tricks your customers into giving up credentials and other sensitive information."

Social media phishing campaigns have increasingly become popular among hackers looking to gain access to sensitive user data. Proofpoint had previously stated that the firm had seen a 150% rise in social media phishing in 2016. In addition to banks, such campaigns target major brands, especially those that rely heavily on social media to advertise their products and connect with their consumers.

Such phishing campaigns are fairly simple to execute and difficult to defend, especially given that customers are often redirected to authentic seeming fake websites, designed to grab user data when victims unknowingly provide their usernames and passwords.

The fake accounts are generally successful in duping users, especially given that the language and tone used is similar to that of authentic support accounts. Moreover, the fake website is also designed such that it looks similar to authentic login pages commonly used by banks.

"This method of phishing is highly effective because your customers are already expecting a response from your brand. Unfortunately, angler phishing is part of a broader trend in social media fraud," said Proofpoint researchers.

IB Times:            Bank of England: Cyberattacks A 'Clear and Present Danger':

« Cost of Data Breaches Will Keep On Getting Higher
North vs. South: Cyber Warfare In Korea Is Escalating »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Grid32

Grid32

Grid32 provides independent computer system and physical security audit services to government and corporate clients of all sizes.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

ARC Advisory Group

ARC Advisory Group

ARC is a leading technology research and advisory firm with expertise in both information technologies (IT) and operational technologies (OT)

Redspin

Redspin

Redspin provide penetration testing, security assessments and consulting services.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

ACA Group

ACA Group

ACA Group are a leading governance, risk, and compliance (GRC) advisor in financial services.

36 Group

36 Group

36 Group's criminal law team, has the experience and specialist knowledge to conduct effectively trials heavily concerned with the growing phenomenon of Cybercrime.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Third Point Ventures

Third Point Ventures

Third Point brings deep technical expertise, a strong network of relationships, and decades of investing experience to add value to our partners throughout their journey from idea to IPO and beyond.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Apex

Apex

We aspire to make the AI revolution run faster, securely, for the benefit of all. We are purposely built for the new AI era and are creating capabilities to safely enable AI.

CyberForceHQ

CyberForceHQ

CyberForce helps cyber security professionals take real-world tests, get ranked and get paid better. It's that simple.