Group-IB, a global threat hunting firm, has discovered traces of an ongoing phishing campaign targeting Indonesia’s largest banks that cybercriminals manage on Twitter with the ultimate goal of stealing bank customers’ money. To lure the victims into their trap, attackers pose as bank representatives or customer support team members on Twitter.
Threat actor started this phishing campaign in January and since then it has grown by leaps and bounds. Currently, 1,600 fake Twitter accounts are impersonating banks as compared to 600 in January. Security researchers have discovered evidence of at least seven prominent Indonesian banks that have been targeted under this campaign.
Over two million Indonesian bank customers are affected due to this phishing campaign, specifically, those who are active on the legitimate bank handles on Twitter. This fraudulent scheme was on the radar of Group-IB’s team since December 2020. Back then, only limited cases of this type of fraud were detected, but over the past three months, it expanded tremendously – from 600 fake Twitter accounts to 1,600.
The methodology used by cybercriminals
Cybercriminals identify their targets after a bank customer asks a question or leaves feedback on the bank’s official page. They are then promptly contacted by scammers, who use fake Twitter accounts with a profile photo, header, and description that impersonates those of the real ones.
The next step is to engage the victims in a conversation via Telegram or WhatsApp. Then, the scammers send a link to the victims asking them to log in there for solving their problem through a complaint. The links lead to a phishing website identical to the official website of the bank, where victims leave their online banking credentials, which include username, email, and password.
“The case with the Indonesian banks shows that scammers have managed to solve one of the major challenges of any attack – the issue of trapping victims into their scheme. Instead of trying to trick their potential victims into some third-party website, cybercriminals came to the honey hole themselves. The campaign is consistent with a continuous trend toward the multistage scams, which helps fraudsters lull their victims,” Ilia Rozhnov, Group-IB head of Digital Risk Protection in APAC, stated.