Bank Negara (BNI) might be “just” the fourth-largest bank in Indonesia, but it has 1,000 branches all over the world, including Tokyo, London, and New York.
Financial services are the most impersonated industry in phishing scams (according to Central Bank), and Bank Negara turned out to be a classic case study of this growing threat intelligence issue.
Cyabra discovered 165 Twitter accounts impersonating Bank Negara Customer Care. Those were not merely malicious actors hoping for some quick scam money – the fake profiles were operated with expertise and precision. An example of that is the fake verification mark on their profile pictures, as seen below.
Laughing All the Way to the “Bank”
In the last 3 months, Cyabra identified 2,600 posts, replies, and retweets created by those fake accounts impersonating BNI Customer Care. The profiles also imitated the writing style of the real Bank Negara, introducing themselves using random names of Customer Care representatives, and writing in a similar fashion.
Instead of slowly growing the social presence of the fake accounts and waiting for people to fall into their nets, the bad actors pretending to be Customer Care were active, seeking out real profiles’ posts that tagged Bank Negara asking for help. The fake profiles then responded as Customer Care representatives, offered their assistance, and included a link to a WhatsApp chat – which was, of course, a phishing link. They were also retweeting the posts created by the real profiles to gain more exposure.
The fake accounts were careful to stay under the radar – they didn’t create any original content of their own or offer any services. They only retweeted real profiles’ content.
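The behaviour described above gives a brand-protection team three signals to combine: a handle that resembles the official support account, replies carrying a WhatsApp link under posts that tag that account, and no original posts. The following is an added example, not Cyabra's method or code; the handle `bank_care`, the sample activity and the scoring threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

OFFICIAL = "bank_care"  # placeholder handle, not the bank's real account (assumption)
WA_LINK = re.compile(r"https?://(?:wa\.me|api\.whatsapp\.com|chat\.whatsapp\.com)/", re.I)

# Constructed sample activity: (author, kind, parent_text, text)
SAMPLE = [
    ("customer_1", "post", "", "@bank_care my card is blocked, please help"),
    ("bank_care", "reply", "@bank_care my card is blocked, please help", "Hi, this is Rina. Please DM us your ticket number."),
    ("bank_care_help", "reply", "@bank_care my card is blocked, please help", "Hi, this is Dewi. Chat with us: https://wa.me/0000000000"),
    ("bank_care_help", "retweet", "", "@bank_care my card is blocked, please help"),
    ("bank_care_help", "reply", "@bank_care transfer failed twice", "Hi, this is Adi. Chat with us: https://wa.me/0000000000"),
    ("customer_2", "reply", "@bank_care transfer failed twice", "same issue here"),
]

def lookalike(handle, official=OFFICIAL, threshold=0.7):
    """True for a handle that resembles the official one without being it."""
    handle = handle.lower()
    return handle != official and SequenceMatcher(None, handle, official).ratio() >= threshold

def score_accounts(events, official=OFFICIAL):
    """Count the three signals per account and return {handle: score 0..3}."""
    seen = defaultdict(lambda: {"original": 0, "wa_replies": 0})
    for author, kind, parent, text in events:
        acct = seen[author.lower()]
        if kind == "post":
            acct["original"] += 1
        # Reply with a WhatsApp link under a post that tagged the official account
        if kind == "reply" and f"@{official}" in parent.lower() and WA_LINK.search(text):
            acct["wa_replies"] += 1
    scores = {}
    for handle, acct in seen.items():
        if handle == official:
            continue  # the real account is never scored
        scores[handle] = (
            int(lookalike(handle, official))   # impersonating name
            + int(acct["wa_replies"] > 0)      # moves the customer to WhatsApp
            + int(acct["original"] == 0)       # no original content, only replies/retweets
        )
    return scores

def flag_impersonators(events, min_score=3):
    # Require all three signals so ordinary customers who only reply are not flagged
    return sorted(h for h, s in score_accounts(events).items() if s >= min_score)

if __name__ == "__main__":
    print(flag_impersonators(SAMPLE))
```

Requiring all three signals keeps a customer who merely replies in the same thread (one signal) out of the result; accounts scoring two are candidates for manual review rather than automatic reporting.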
The screen captures below show the real Customer Care account interacting with a customer, and the fake one doing the same. Could you tell the difference? Check out the spreadsheet at the bottom of the article for a detailed comparison by Cyabra’s analysts.
This social engineering method, clearly created with a deep understanding of the Twitter algorithm, not only presented the false impression of authentic profiles with a large consumer base but also managed to mislead quite a lot of people: 75% of the interactions with the fake profiles came from authentic profiles that had no idea they were talking to scammers.
Can You Identify Malicious Actors Impersonating Your Company?
Impersonations are becoming a growing risk for large companies. Even if you’re a threat intel or cyber security expert, identifying fake profiles and fake content on social media requires a completely new skill set. Not only that: your fans and followers on social media now expect a company or brand to be the first to know of any impersonations or fake profiles using its name, and to alert those same fans and followers, warning them to watch out for scams.
Don’t wait for customers’ disappointment to turn into resentment and consumer rage. Cyabra provides accurate, cross-platform, multi-language, real-time social threat intelligence. Contact us to set up a demo.
Check out the comparative analysis of BNI’s real profile vs. the imposter, created by Cyabra’s analysts: