Customers of UK’s Metro Bank targeted by Twitter fraudsters

When Metro Bank opened its doors five years ago, it was reportedly the first new high street bank to launch in the UK for over 150 years.

It may have joined an old club, but now its customers are at risk of falling for the modern threat of online fraud.

The genuine Twitter accounts of Metro Bank are @Metro_Bank and – for customer service – @MetroBank_Help.

However, if you need help from Metro Bank be very careful not to trust another Twitter account that some ne’er-do-well has created, calling itself @AskMetroBank.

Fake Metro Bank Twitter account

Fake Metro Bank Twitter account

What’s happening is this:

A customer of Metro Bank tweets about a problem they are having with the bank. For instance, here’s a customer grumbling that Metro Bank’s iPhone app could be better.

However, there’s nothing to stop anyone else seeing the public tweet, and choosing to barge in on the conversation, pretending to be the genuine company – and potentially tricking unsuspecting customers into handing over information or visiting a malicious webpage.

And that’s precisely what the fraudsters behind the bogus @AskMetroBank account appear to be doing – asking customers to “verify” their accounts.

Bogus tweet

Sounds pretty phishy to me, and don’t be surprised if visiting that link carries a sting in its tail more unpleasant than a bank’s overdraft penalty charges.

Furthermore, imagine the potential danger if customers were duped into getting into a private direct message (DM) conversation with whoever is running the fraudulent account, and were tricked into handing over personal information.

Fortunately, some of Metro Bank’s customers are savvy enough to suspect that the account is up to no good:

Savvy customer

The real Metro Bank support Twitter account has started warning customers about the malicious imposters, and hopefully Twitter will suspend the account soon.

But clearly there’s a danger here which might rear its head for many other organisations, attempting to provide decent support and service on social media. Be on the lookout for copycat accounts which may be attempting to lead your customers astray.

Thanks to Twitter user @tug for bringing this suspicious activity to my attention.

Author Graham Cluley, We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.