How a Security Business Tricked Social Media Phishers

A cybersecurity vendor in the UK has shared details on how it turned the tables on an angler phishing operation. The operation attempted to pose as Virgin Media Support on Twitter.

Social Media Phishers

This approach to phishing attacks is a relatively new one. The process involves the scammer registering a Twitter account under false pretence, masquerading as a legitimate customer support account. It then monitors the real support accounts for angry customer messages. Once they spot one, they quickly jump in with the intention of exploiting the customer’s frustration. They send messages back to these customers, quite often including malicious links for them to click on.

This is what happened to an employee at Fidus Information Security, a pen-testing firm in the UK when they made a complaint to Virgin Media via the social media platform. After receiving a response from both the official account and a legitimate-looking fake, they decided to have a bit of fun.

Deserved Payback

They began by testing how gullible the scammers may be. They provided the scammers with a fake name (Wade Wilson, also quite commonly known as Marvel’s Deadpool) and a fake address (Savile Row police station). The scammers then requested card details linked to the Virgin Media account. Fidus responded with a set of test credit card details.

Of course, the card did not authorise for the scammers. They then tried to persuade their “victim” into providing them with details from another card. At the same time, the security vendor was, in turn, trying to fool them into clicking on a link to a website hosted by its company. This would expose the scammers IP address.

In the end, the firm produced a fake screenshot of an AmEx fraud alert SMS featuring its own phishing link requesting that the user click to verify their card details. This seemed to have done the trick, and the phishers became the phished.

“After sending a fake SMS message we received a click on our web server. At this point, the game was up as the IP linked back to our website and we never received a reply back,” the vendor explained.

“We reported this all back to Twitter, who’ve since suspended the account, and Police in the UK in the hope some action can be taken against those responsible.”

Stay on top of your Game with IDM 2019

Join hundreds of leaders and innovators at Whitehall Media’s leading biannual identity management conference. Meet with industry professionals to find new opportunities, discuss ways to transform your IAM infrastructure into an actionable business resource and review the latest in ways to shape the IAM sector, keeping you ahead of the curve.