"Cybercriminals Make Twitter a Playing Field to Target Indonesian Banks"

The global threat hunting company Group-IB recently released a cyber intelligence report that shares findings regarding an ongoing Twitter-based fraud campaign targeting Indonesia's largest banks. The cybercriminals behind this campaign are masquerading as bank representatives or customer support team members on Twitter in order to lure and gain the trust of victims. Security analysts found that at least seven large Indonesian financial institutions have been targeted in the massive campaign. The scam starts with a customer leaving a comment on the bank's official Twitter page. They are then contacted by fraudsters using fake Twitter accounts that appear to belong to real bank staff representatives or customer support employees. After engagement occurs between the customer and the fake Twitter account, the attackers invite the customer to chat off-line on a third-party messenger, such as WhatsApp or Telegram. During the off-line chat, the attackers send a link to the customer that redirects them to a phishing website identical to the official banking website where the cybercriminals can exfiltrate entered banking credentials. This article continues to discuss the use of Twitter in a fraud campaign against Indonesia's major banks, the growing performance of multi-stage scams, and how banking customers can identify such scams. 

CISO MAG reports "Cybercriminals Make Twitter a Playing Field to Target Indonesian Banks"