Phishing fraudsters pose as UK bank social media types

Cybercrooks are posing as customer support staff from UK banks in a ruse designed to hoodwink gullible customers out of their credentials. The social media phishing scam relies on the creation of bogus Twitter profiles, such as @BarclaysHelpUK (real example, now suspended). Customers are already expecting a response from a …

  1. AndrewDu

    You'd go and get help about your online banking from Facebook or Twitter?

    For some reason the sympathy meter is stuck on zero.

    1. James Marten
      Devil

      InstaWhatsTwitFace != Support

      Yes, you or I would never go to social media for banking help. But when the banks themselves (and everyone else besides, even the government and police) are pushing social media as a primary means of communication, then who can blame them?

    2. Terry 6 Silver badge

      A common experience is that if we, the public, need to complain to these companies by the normal routes we get shunted through the "Contact us" web page that doesn't have a phone number, that directs us to an FAQ page that doesn't answer any questions (let alone how to make a complaint) that bounces us back to the "contact us " page. Or should we actually find a phone number, it's to an electronic switchboard of labyrinthine construction, that leads to a script monkey, if we get that far.

      But a public complaint on Twitter gets results more often. (Though they seem to be getting better(?) at fielding those too).

      1. Anonymous Coward
        Anonymous Coward

        re. they seem to be getting better

        I have a nasty feeling the bots are getting better :(

        1. tr1ck5t3r

          Re: re. they seem to be getting better

          It's never been easier to drain bank accounts considering the IQ levels of many egotistical social media users.

          Of course once said bank account is drained of funds, Carr v Carr 1811 has set a precedent which states that money on deposit with a bank becomes the property of the bank not the customer so it's legally impossible for bank customers to ever experience fraud.

          It's just modern day bank robbery when considering the 1811 judgement, and considering how easy it is to set up a social media account from any part of the world, just base yourself in some country that has no extradition agreements in place.

          Simplez...

    3. Anonymous Coward
      Anonymous Coward

      why, it's cool bro, facebook banking, bank facebooking, signum temporis and stuff. SecondLife ahoy...

  2. Anonymous Coward
    Anonymous Coward

    Anti-social media strikes again

    Just remove yourself from it all and keep yourself safe from the Crims.

  3. A K Stiles
    Joke

    but his name was "Lloyd Bank"

    and his avatar was a picture of a lovely horse!

    1. Rich 11

      Re: but his name was "Lloyd Bank"

      And he sent me a file which played that lovely 'Black Beauty' music! But then my computer crashed sad face sad face emoji twat sad face emoji emoji

  4. tr1ck5t3r

    I don't really trust Eset that much since I found out they appear to have no faith in their own antivirus anti spam products as noted by their use of messagelabs.com aka Symantec as seen here.

    http://mxtoolbox.com/archive/?actionstring=mx:eset.co.uk

    Pref  Hostname                       IP Address       TTL
    10    cluster3.eu.messagelabs.com    194.106.220.35   30 min
    20    cluster3a.eu.messagelabs.com   85.158.139.103   30 min

  5. Anonymous Coward
    Anonymous Coward

    User Error, make them pay for their ignorance rather than me

    For those that have difficulty with the concept of personal space/information/security try the following rules

    Never give personal information to people you do not know, if you do know them ask why they need it

    Never accept anything from sources that you cannot sue/have arrested in the event that they are bogus

    Accept that sane people you never met before are unlikely to want to make you rich, laid, happy or anything else you would like for free. Everything has a cost and if they are reticent about it then the chances are it is a price you do not want to pay.

    This isn't being paranoid, there really are bad people out to get you and if you do not protect yourself then the consequences are all your own fault.

    If your friends actually like you then why would they want you to use services that expose you to this kind of abuse.

    1. tr1ck5t3r

      Re: User Error, make them pay for their ignorance rather than me

      "Never give personal information to people you do not know, if you do know them ask why they need it"

      So many systems/companies use the same metrics, it's not hard to build a bigger data set besides how many people have a dect/gsm phone to listen in to?

      http://www.theregister.co.uk/2008/12/31/dect_hack/

      http://www.instructables.com/id/Telephony-DECT-Sniffing-with-Dedected/

      https://myassgeek.wordpress.com/2011/07/31/how-hackers-hack-gsm-phones/

      Not hard to port to a little Raspberry pi Zero complete with battery pack stuck in your gutter!

      "Never accept anything from sources that you cannot sue/have arrested in the event that they are bogus"

      How many people check the id of someone in a yellow fluoro jacket turning up at your door? Even if you checked their id and perhaps called the number on the card, how hard is it to forge an id card and set up a voip system for some people to call? http://www.voipfone.co.uk/EP_UK_Telephone_Numbers.php

      https://www.sipgate.co.uk/basic/

      Look at Kim Kardashian in Paris for a recent example of how people are obedient to uniforms of sorts even criminals wearing police uniforms after jewellery.

      You show me a "system" and I'll show you a hack be it electronic or psychological.

      Take social media, you can scan their social media and run scripts to pull out pertinent info like names & dates and rehash them into a targeted password list for other online services they may use.

      People leak data whether they like it or not, and determined hackers will get what they want.

      Even biometric data like fingerprint scanners can be fooled, ergo nothing is fool proof as these police officers demonstrate themselves. https://www.youtube.com/watch?v=_fIOM24grQo

      So with that in mind, how would you like your grandparents or parents to be treated when they are hacked?

      1. Anonymous Coward
        Anonymous Coward

        Re: User Error, make them pay for their ignorance rather than me

        The basic rules above give protection against casual attack, if someone is determined to get you and has enough resources at their disposal then they will.

        Given that most people take no responsibility for their own safety, then they are making things easy for criminals to profit and thus promoting crime for everyone.

        If everyone was following the rules, then the cost to the criminal goes up making it less profitable and hence less attractive.

        As to the power of uniforms to demand unthinking compliance then I remember studies in the UK showing a genetic link to Germanic stock that had much higher susceptibility, personally I do not suffer from this problem.

        For me a uniform gets as much compliance as I wish to give and validation via calling the police in to confirm they are not bogus covers the "who to sue" bracket if they are incorrectly validated. Most criminals are afraid of the police so having them show up deters many would be scammers, well that stayed around to be validated rather than ran away.

        The police sadly are just as lazy and ignorant as everyone else but given that the police have training to accurately profile appearance combined with them getting sued when they get it wrong moves things towards safety for everyone.

        Upping the stakes against criminals makes you less attractive when there are still easy targets out there, so do it every time.

        I have had all sorts of people tell me to do things that they had no right to do, the ones that did hold some authority that they were abusing bricked it when challenged because they have the most to lose.

        As to companies demanding personal information before providing a service then firstly try another provider. Secondly challenge their right to demand the data and do it in writing with the name of their agent who demanded it. Many cave in and the ones that remain can eventually be forced to stop collecting it if only enough people refused. Pick one datum used to prove identity and never give it out to anyone verbally, in my experience companies will accept that you will never give this information and use other data to validate.

  6. Anonymous Coward
    Anonymous Coward

    Father Ted?

    Anyone else thinking of 'my lovely horse' and Father Ted with the mention of Lloyds?

    https://www.youtube.com/watch?v=RG0QKaaLTCE

    1. A K Stiles
      Pint

      Re: Father Ted?

      Thank you! - I was waiting for that reference to appear.
