Since the arrival of social networks Until now, the problem of fake accounts is common on platforms. If they are detected in time and properly reported, they can be eliminated without much inconvenience, but the magnitude of the problem increases when they steal. information and money.
A report prepared by the cybersecurity company ESET indicates that in Argentina a total of 82 fake profiles posing as five banking entities. The cybercriminals intended to steal the access keys into customer accounts to steal their money and even take out loans in their name.
According to Camilo Gutiérrez Amaya, head of the ESET Latin America Research Laboratory, banks constantly warn their clients of this problem and offer information on how to recognize their official profiles. “Unfortunately, it is the very characteristics of social networks like Twitter that allow (fake accounts) to continue to be created,” she added.
How users are misled
The fake accounts have a way of operating that consists of configuring automatic responses to comments of people labeling the real bank accounts and posing as the area of Customer Supportso clients will trust these profiles.
The next step in the deception is to ask people to follow the fake account so that they can communicate via direct messages on Twitter and, later, a telephone number with which the cyber criminals they will impersonate a representative of the bank.
This is how they will get to extract information such as access codes, tokens and other personal information that will allow access to the accounts to steal the money.
The idea of deception is to resemble the fake accounts as much as possible to the official ones, so that some of them include the official links of banking entities, although there were also cases in which the URLs disseminated did not lead to official websites, but to false versions.
The use of false accounts to impersonate company services is not new and, according to what the security company indicates, a similar modality was used to steal access credentials to virtual wallets and steal cryptocurrencies of the users.
In 2021, a similar modality was also reported in Instagram: the identity of banks was supplanted in the social network and attempts were made to contact users through direct messages inside the platform. The objective was the same: to obtain the phone number of a potential victim and convince her to hand over personal information through WhatsApp or a call
How to avoid being a victim
In order not to fall for scams like this, users should be very vigilant and pay attention to details that could indicate that the account they are contacting or interacting with is fake. The key elements to consider are:
– It is not a Verified account. Official bank accounts always have a verification mark, which guarantees not only their authenticity, but also the security of the links and communications that can be generated with that specific profile.
– The name of the account is different from that of the official count. Paying attention to the letters used can be important. A hyphen (_) or an extra letter in the username is suspicious.
– In the case of this type of profiles, it is necessary to pay attention to the creation date. If they are new profiles or not more than two months old, then the user could be interacting with a fake account.
– It does not have publications or, in any case, there are not many. In the case of having them, you can carefully observe the language type which it uses to determine if the account is fake.
– One factor to take into account is that these types of profiles, being recently created, they don’t have many followers.