Threat Alert: What to Watch For

• Scammers are creating fake customer support Twitter accounts for various banks and financial institutions. Scammer use these fake accounts to respond to users who tweet questions at their banks or financial institutions. 
• The fake customer support accounts direct users to call an attacker-controlled phone number. 
• These fake accounts may bear very similar names to the actual, legitimate financial institution. However, these accounts will not have the verified checkmark. Keep in mind that Twitter has introduced new verification markers in different colors. Attackers may attempt to take advantage of potential confusion from these changes to the verification process. 
• Additionally, the actual Twitter handle for these malicious accounts, found after the “@”, may contain a string of numbers indicating they were created in batches. 

Tips to Remember (at Work and at Home)

• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an account is legitimate. Cybercriminals often imitate well-known organizations.  
• Be suspicious of social networking messages from people you don’t know. Cybercriminals know that many people are trusting of legitimate-seeming accounts on social media, particularly those responding to a customer query. Remember: Phishing techniques aren’t limited to email.  
• Do not use phone numbers provided via social media messages. While organizations do operate legitimate customer support accounts on social media, any question pertaining to sensitive information (such as banking) should be taken to customer service directly. Always navigate directly to an organization’s website and look for phone numbers or customer support options on the website itself.