Scammers steal personal info for social engineering attacks

Scammers on social media are stepping up efforts to collect personal identifiable information (PII) from unsuspecting users, specifically in the banking domain. While such identity scams are not new, a survey by homegrown cyber security firm Cloudsek said that scammers are looking to add further authenticity on social media platforms by closely impersonating official customer support channels — and offering Zoho Forms as an official-looking medium for customers to file grievances.

Identity scams typically look to cash in on customer distress and grievances — offering the promise of prompt resolution of financial issues to dupe users.

According to Cloudsek, the scammers typically operate on Twitter, and are often early responders to user complaints. They subsequently offer a customer redressal form, urging users to fill in their personal information in order for their issues to be resolved.

The medium used by the attackers are free to use forms offered by homegrown technology services firm, Zoho Corp, which are configured with official bank logos to dupe users.

To be sure, the use of free forms modified to impersonate financial institutions to steal PII from social media is one of the most popular forms of scams. However, in this instance, scammers are looking for longer term benefits as a result of these attacks, by gaining user trust.

While filling up of the forms may not lead to immediate financial loss for users, the loss of PII could lead to social engineering attacks — wherein the scammers may use the scoured information to convince users of their authenticity, thus leading to losses in future.

An annual report on bank frauds by the Reserve Bank of India (RBI) for FY22, published on May 27, said that the volume of financial frauds associated with banks grew by nearly 24% over FY21 — with 9,103 reported frauds of ₹1 lakh and above in FY22. However, the overall quantum of bank frauds dropped by 56% YoY — down to ₹60,414 crore in FY22 from ₹1.38 lakh crore in FY21.

The central bank noted that among other factors, the biggest issue with reporting of frauds was the lack of timeliness in reporting of bank frauds.