Cyabra Launches Deepfake Detection

165 Profiles and the Bank Ain’t One: BNI Impersonation 

Bank Negara (BNI) might be “just” the fourth-largest bank in Indonesia, but it has 1,000 branches all over the world, including Tokyo, London, and New York. 

Financial services are the most impersonated industry in phishing scams (according to Central Bank), and Bank Negara turned out to be a classic case study of this growing threat intelligence issue. 

Cyabra discovered 165 Twitter accounts impersonating Bank Negara Customer Care. Those were not merely malicious actors hoping for some quick scam money – the fake profiles were operated with expertise and precision. An example of that is the fake verification mark on their profile pictures, as seen below.

Side-by-side comparison of two BNI Customer Care Twitter profiles: the left panel, marked Real Account in green, displays the verified @BNICustomerCare profile with 55.5K followers, while the right panel, marked Imposter in red, shows a fake @Papa_Odin profile with 269 followers

Laughing All the Way to the “Bank”

In the last 3 months, Cyabra identified 2,600 posts, replies, and retweets created by those fake accounts impersonating BNI Customer Care. The profiles also imitated the writing style of the real Bank Negara, introducing themselves using random names of Customer Care representatives, and writing in a similar fashion. 

Instead of slowly growing the social presence of the fake accounts and waiting for people to fall in their nets, the bad actors pretending to be Customer Care were active, finding real profiles’ posts that tagged Bank Negara asking for help. The fake profiles then responded as the Customer Care representatives offered their assistance, and included a link to a WhatsApp chat – which was, of course, a phishing link. They were also retweeting the post created by the real profiles to gain more exposure. 

The fake accounts were careful to stay under the radar – they didn’t create any original content of their own or offer any services. They only retweeted real profiles’ content. 

The screen capture below show the real Customer Care account interacting with a customer, and the fake one doing the same. Could you tell the difference? Check out the spreadsheet at the bottom of the article for a detailed comparison by Cyabra’s analysts.

Twitter exchange in Indonesian showing user @arahlogika asking @BNICustomerCare to check their direct message, followed by the verified BNI customer service account replying that they will respond soon and reminding users to only trust verified BNI accounts
The Real BNI account
Two identical tweets from fake Twitter account BNICustomerCare (@Papa_Odin) replying to users and directing them to WhatsApp number +1 913 336 6664, illustrating a BNI customer service impersonation scam
The Fake account – notice the fake verification mark


This social engineering method, clearly created with a deep understanding of the Twitter algorithm, not only presented the false impression of authentic profiles with a large consumer base but also managed to mislead quite a lot of people:
75% of the interactions with the fake profiles were authentic profiles that had no idea they were talking to scammers.

 

Can You Identify Malicious Actors Impersonating Your Company?

Impersonations are becoming a growing risk for large companies. Even if you’re a threat intel or cyber security expert, identifying fake profiles and fake content on social media requires a completely new skill set. Not only that: your fans and followers on social media are now expecting a company or brand to be the first to know of any impersonations or fake profiles using their names, and alerting the same fans and followers, warning them to watch out for scams. 

Don’t wait for customers’ disappointment to turn into resentment and consumer rage. Cyabra provides accurate, cross-platform, multi-language, real-time social threat intelligence. Contact us to set up a demo.

 

Check out the comparative analysis of BNI’s real profile vs. the imposter, created by Cyabra’s analysts: 

Comparison table detailing differences between BNI’s official Twitter customer care account and impostor profiles, listing variables such as account name, handle, verification sign, follower count, bio details, and creation date

Download the full report

Related posts

Time of Arrival: Never! The Luggage Scam

In 2023, Facebook is still the most popular social network online, with 3.030 billion monthly active users. its massive user base has always made it...

Traveler facing airport departure boards and piles of abandoned suitcases with price tags while social-media icons float overhead, illustrating luggage sale scams

Rotem Baruchin

December 5, 2023

How to Keep Your Brand Safe with Deepfake Monitoring

Remember when seeing was believing? Those days are rapidly fading into history.  Most people think of deepfakes as videos where someone tries to impersonate another...

Side profile of a woman overlaid with red and gray digital faces and code, conveying AI-powered deepfake surveillance and brand protection

Rotem Baruchin

December 2, 2024

How Media Literacy Protects Us from Threats

US Legislators, educators, and parents: do you know where your state stands on Media Literacy education? New research by MediaLiteracyNow.org, supported by Cyabra, sheds light...

United States map with states shaded in varying purple tones indicating strength of media-literacy legislation and initiatives, with Texas, Washington, New Mexico, Ohio, Florida and several northeastern states shown in the darkest shade

Rotem Baruchin

February 19, 2023