Targets for phishing attacks are careless media users, and recently, Major UK bank are the main targets of a phishing campaign reportedly has been identified by security researchers.
Hackers create fake social media accounts such as Twitter, faking customer support staff to pitfall users into giving out their personal details and also, with a real-looking fake website, they can just sit back and scoop up data as victims unwittingly hand over their usernames and passwords.
Proofpoint researchers said: "Angler phishing is named after the anglerfish, which uses a glowing lure to bait and eat smaller fish. In this attack, the 'lure' is a fake customer support account that tricks your customers into giving up credentials and other sensitive information.", according to Information Age.
Reported by IBT Times. Social media phishing campaigns have increasingly become popular among hackers looking to gain access to sensitive user data. Proofpoint had previously stated that the firm had seen a 150 percent rise in social media phishing in 2016. In addition to banks, such campaigns target major brands, especially those that rely heavily on social media to advertise their products and connect with their consumers.
Celeste Kinswood from Proofpoint, says In many of the examples we've seen, the hacker is not just collecting banking credentials. They also ask for information like ATM Pin, Credit/Debit card numbers, security questions and answers, and even social security numbers. With this information, they can circumvent some security measures, make purchases/withdrawals without online access, or create entirely new bogus accounts using the customer's information,"
To one's security, there are some basic things users can do to make sure they don't become victims of this style of social media phishing attack. A quick search for the real account should also validate if the one contacting you is fake. Most importantly, be mindful in using social media accounts.