6th April 2021, Kathmandu
In recent years, cyberattacks have been increasing day by day. Nowadays, Cybercriminals have placed more pressure on the financial sector. A recent study shows that 65 % of financial services companies have experienced a cyberattack last year.
The majority of these cyberattacks were the result of phishing or ransomware attacks.
Group-IB, a global threat hunting firm, in a recent cyber intelligence study, published a cyber intelligence report. Describing shares findings regarding an ongoing Twitter-based fraud campaign targeting Indonesia’s largest banks.
Cybercriminals are posing as bank representatives or customer service team members on Twitter and laying the booby trap to lure and gain the trust of their victims.
This huge campaign started in January 2021. This campaign has now grown from 600 in January to 1,600 fake Twitter accounts impersonating banks as of early March.
Security analysts found evidence of at least seven large Indonesian financial institutions has been suffered from this campaign.
How the scam proceeds?
The scam usually starts with a customer leaving a comment on the bank’s Twitter page.
Then they were contacted by scammers using fake Twitter accounts. They will make you believe that we are bank representatives or customer services.
After the customer interacts with the fake Twitter account, the attackers invite the customer to talk offline on a third-party messenger, such as WhatsApp or Telegram.
Furthermore, the attackers give the customer a link during the off-line chat, which redirects them to a phishing website that looks exactly like the official banking website. Where the cybercriminals are waiting to steal your banking credentials. Including username, email, and password.
How to know about such scams
These scams usually start with a simple message that may believe you are either from customer services or from bank representatives. They will talk more often ask to do something. They will ask you to provide your bank details or ask you to go to any third party saying that this just bank procedure.
The real bank representatives will never ask you about detail or ever ask you to click on any third-party link. If you are unsure about anything just call on the bank phone number ask them “I got a message from your bank that I need to give my detail. I just want to make that is it you or anyone.” Then they will make sure is it a scam or not.