Being that I handle all of the ITRC’s social media, I come across scams all the time. Usually they are pretty obvious and fit into a category which I have pointed out before. However, this morning I came across something that made me shake my head with amazement.
Cyber criminals have gotten so sophisticated and ahead of the curve that they almost wrangled me into a phishing attack. Now I’m not saying that only dummies fall for phishing attacks. It is quite the opposite actually and I have spoken with many very intelligent people who have fallen for a phishing scam. However, I literally wrote about phishing scams on Twitter two weeks ago. I post about it on a daily basis on our social sites to warn others. I really thought I would have an eye for every Twitter scam out there. I was wrong.
Unless you have been in non-Internet land, you know that Target recently had a data breach which compromised 40 million accounts. Here at the ITRC our call center went crazy with people who knew that they had shopped at Target during the time stated in the breach announcement and wanted to know how to protect themselves. People were frightened and confused. This made for a population which would be vulnerable to phishing scams. We warned people about this and told them to be careful with any emails they received from “Target”. Okay, so we covered the phishing angle of the attack backlash, moving on, right? Not so fast there, chief.
The attacks grew and moved to social media, which brings me to the part of the story which made me shout a little Touché at the cyber criminals preying on victims of the Target breach. I received this tweet directed at the ITRC:
The tweet came from a seemingly concerned citizen who had seen our efforts to help the victims of the Target breach. I almost retweeted it. I mean, it seemed so custom made for us; our subject, directed at our handle and something we would really want to share with our followers. That is, if this list actually existed. I then went to look at the profile of the person who tweeted it and found it odd that this tweet was the first thing that had been posted in English (all preceding were in Spanish) and that the same tweet had been sent out every hour to other people covering the breach. I did a preview of the link and saw that it was going to redirect me to a site that told me I had to log back in to Twitter.
That was the key. I knew it was a phishing scam, and had I clicked on the link and entered my login information, the ITRC’s Twitter account would have been hacked. Now that would have been very embarrassing. I tweeted at the profile owner that her account had been hacked and that she needed to change her password. I then posted the alert on all of our social networks in hopes that no one would become a victim of this rather intricate phishing attack. I have not heard back from the account owner and I hope she is able to reclaim her account. As it is, this stands as just one more example of why we need to stay on our toes when dealing with tricky cybercriminals.
"Phishing for Targets" was written by Nikki Junker. Nikki is the Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.