Bengaluru, November 1: Cyber-security researchers on Tuesday said that threat actors using fake Twitter accounts are impersonating banking entities to steal victims' personal and payment information via Zoho Forms, a free online form builder from Zoho Corporation.

The threat intelligence team of AI-driven Singapore-headquartered CloudSEK discovered this phishing email campaign. In this new campaign, said the researchers, the threat actors are misusing Zoho Forms to steal information from banking customers. India Records 6,74,021 Cyber Security Incidents This Year Up to June 2022: Government.

Whenever a customer tags the official banking customer care handle in a tweet, the fraudster pretends to assist them by providing a fake customer care number and an external shortened link that redirects to a Zoho Form service. Cyber Attack: Spike in Ransomware Threat to More Than 1.2 Million Per Month Between January-June, Says Report.

"The threat actor sets up a fake social media account (in this case, a Twitter account) with the brand logo as the profile picture. The fake account has a display name and username similar to the real account," according to security researchers.

Using these accounts, the threat actor comments on the Twitter posts of the banking customers seeking assistance or raising issues. The threat actor provides the customer with a fake customer care number and a shortened URL.

"The URL redirects the customer to a Zoho Form page which asks the user to input the following details: First and Last Name, Credit/Debit Card Number, Expiry Date, CVV, Available Balance," the team noted. Once submitted, the Personal Identifiable Information (PII) details are forwarded to the threat actor.

"We started investigating the mobile number used for contacting bank customers. Open-Source Intelligence (OSINT) performed on the number revealed that the number was also linked to a fake electricity bill payment scam. Several victims on different forums have flagged the same number," said a CloudSEK researcher.

The researchers highlighted that threat actors could use the collected PII to launch successful social engineering attacks against the victim. Threat actors will gain sensitive banking information, which may lead to financial loss.

To stay safe from such attacks, it is advised to identify and report domains impersonating brand names and trademarks. Bank customers should always double-check the URL or Twitter handle, said the researchers

(The above story first appeared on LatestLY on Nov 01, 2022 11:28 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).