Last week, Proofpoint drew attention to a phishing fraud in which criminals impersonated banks’ customer support accounts on Twitter to target inattentive users. Contacting customer support teams on social media – especially on Twitter – has become a common practice, particularly when users have simple questions and need prompt help. And when human beings are in need, they tend to lower their defences and be more careless. Cyber criminals are well aware of these behaviours and are ready to take advantage of the situation.
This common phishing scam is known as angler phishing, because it’s similar to the way the anglerfish attracts its prey with its bioluminescent lure. In the fraudsters’ case, the lure is offering what users need: help. The fake Twitter accounts look like legitimate accounts, with replicas of logos and basic information. Only the account names reveal the fraud, and then only to very attentive eyes: @BarclaysUKHelp has recently fooled people looking for support from the legitimate @BarclaysHelpUK account. It’s the sort of difference few people would even know to look for.
Fraudsters detect tweets of users in need and promptly reply by directing them to a spoofed website that looks very similar to the bank’s login page. The fraudsters only have to wait for inattentive users to enter login credentials and other sensitive information.
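The two tells described above, a handle that reorders or subtly misspells the real support account's name and a reply that points to a login page off the bank's own domain, are exactly what a brand-protection or security team can check automatically when monitoring replies to customers' tweets. The following is an added example, not code from the original article or from Proofpoint: it classifies a handle against an allowlist of genuine accounts (@BarclaysHelpUK is taken from the article; the second allowlisted handle, the brand word list, the `bank.example` domain and the sample replies are all assumed or constructed) and flags replies whose links leave the bank's domains.

```python
import re
from difflib import SequenceMatcher

# Allowlist of the bank's genuine support handles. @BarclaysHelpUK is the real
# account named in the article; "BarclaysUK" is an assumed second entry.
LEGIT_HANDLES = ("BarclaysHelpUK", "BarclaysUK")
# Brand words that make an unlisted handle worth a second look (assumed).
BRAND_WORDS = {"barclays"}
# Domains the bank really sends customers to (placeholder, not the bank's real domain).
ALLOWED_DOMAINS = ("bank.example",)

# Constructed sample replies to a customer's "help, I can't log in" tweet.
SAMPLE_REPLIES = [
    {"from": "@BarclaysHelpUK", "text": "Sorry to hear that. DM us and we'll take a look."},
    {"from": "@BarclaysUKHelp", "text": "Please verify your account: http://secure-login.example/verify"},
    {"from": "@BarcIaysHelpUK", "text": "Log in here to restore access: https://bank.example.verify-login.example/"},
    {"from": "@jane_doe_92", "text": "Same problem here, been waiting all morning!"},
    {"from": "@BarclaysHelpUK", "text": "Our status page: https://www.bank.example/help"},
]


def normalize(handle: str) -> str:
    """Drop the leading '@' and lower-case; Twitter handles are case-insensitive."""
    return handle.strip().lstrip("@").lower()


def word_tokens(handle: str) -> list:
    """Split a handle into lower-case words on CamelCase, digit and underscore boundaries."""
    parts = re.findall(r"[A-Z]+(?=[A-Z][a-z])|[A-Z]?[a-z]+|[A-Z]+|\d+", handle.lstrip("@"))
    return [p.lower() for p in parts]


def classify(handle: str) -> tuple:
    """Return (verdict, reason) with verdict 'legitimate', 'suspicious' or 'unrelated'."""
    norm = normalize(handle)
    for real in LEGIT_HANDLES:
        if norm == normalize(real):
            return "legitimate", f"exact match for @{real}"
    tokens = word_tokens(handle)
    for real in LEGIT_HANDLES:
        # Same words, different order: @BarclaysUKHelp against @BarclaysHelpUK.
        if sorted(tokens) == sorted(word_tokens(real)):
            return "suspicious", f"reorders the words of @{real}"
        # Near-identical spelling: swapped letters, homoglyphs such as 'I' for 'l', digits for letters.
        ratio = SequenceMatcher(None, norm, normalize(real)).ratio()
        if ratio >= 0.85:
            return "suspicious", f"{ratio:.2f} similar to @{real}"
    if BRAND_WORDS & set(tokens):
        return "suspicious", "carries the brand name but is not an allowlisted account"
    return "unrelated", "no resemblance to the brand's accounts"


def off_domain_links(text: str) -> list:
    """Return the hosts of any links in the text that are not on the bank's own domains."""
    hosts = [h.lower().split(":")[0] for h in re.findall(r"https?://([^/\s]+)", text)]
    return [h for h in hosts
            if not any(h == d or h.endswith("." + d) for d in ALLOWED_DOMAINS)]


def triage_replies(replies: list) -> list:
    """Flag replies from look-alike accounts or carrying links that leave the bank's domains."""
    flagged = []
    for reply in replies:
        verdict, reason = classify(reply["from"])
        bad_links = off_domain_links(reply["text"])
        reasons = []
        if verdict == "suspicious":
            reasons.append(reason)
        if bad_links:
            reasons.append("links to " + ", ".join(bad_links))
        if reasons:
            flagged.append({"from": reply["from"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage_replies(SAMPLE_REPLIES):
        print(hit["from"], "->", "; ".join(hit["reasons"]))
```

Run against the constructed replies, the two impostor accounts are flagged twice over (look-alike handle and off-domain link) while the genuine @BarclaysHelpUK replies, including the one linking to `www.bank.example`, pass. The similarity threshold and brand word list are tuning choices; a handle that merely contains the brand name is flagged for review rather than blocked, since the allowlist, not the heuristic, is the source of truth.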
Are you sure your staff won’t swallow the bait?
What if a member of your financial department has trouble with the company’s bank account and tweets for help? Without sufficient awareness of phishing attacks, they are likely to be hooked by fraudsters. 55% of professionals interviewed by Ponemon Institute admitted that their organisation had suffered a security incident or, worse, a data breach due to staff misconduct, either malicious or inadvertent. Is your staff aware of these emerging and increasingly dangerous threats?
Raise awareness of phishing attacks in your company
Being vigilant is the golden rule to avoid becoming a phishing victim. But how can staff be more vigilant? Who is going to teach them how to identify a phishing fraud? The answer is easy: a staff awareness course. The Phishing Staff Awareness e-learning course teaches your staff what phishing attacks are, how they work and how to identify them, using real-life examples and engaging activities.