In a jaw-dropping report, Group-IB, a global threat hunting firm, says that cybercriminals are targeting Indonesia’s largest banks to steal their money. The researchers also said they found traces of the campaign on Twitter, where the cybercriminals have been managing their activities. To lure potential victims, the criminals pose as bank representatives or customer support services on Twitter. The high-severity phishing campaign started in January and has only grown since then, as more and more people have fallen victim to it over time. Security researchers have discovered evidence that at least seven prominent Indonesian banks have been targeted in this campaign. Since the attacks began, more than two million Indonesians have become victims, specifically those who have been handling their bank accounts on Twitter.
The cybercriminals target a specific person when he or she asks a question or leaves feedback on the official page or app of the bank. That person is then promptly contacted by scammers using fake Twitter accounts whose profile photo, header, and description impersonate those of the real accounts. The second method they use to lure a victim is contacting them on Telegram or via WhatsApp. The cybercriminals then send the potential victim a link and ask them to log in there to resolve their problem through a complaint. The link leads to a phishing website identical to the official website of the bank, where victims enter their online banking credentials, which include username, email, and password.
“The case with the Indonesian banks shows that scammers have managed to solve one of the major challenges of any attack – the issue of trapping victims into their scheme. Instead of trying to trick their potential victims into some third-party website, cybercriminals came to the honey hole themselves. The campaign is consistent with a continuous trend toward the multistage scams, which helps fraudsters lull their victims,” Ilia Rozhnov, Group-IB head of Digital Risk Protection in APAC, stated.