Fraud Alert: Impersonation on Twitter; Beware of Dubious Apps, Links
Yogesh Sapkale | 18 November 2022
After trying to imitate toll-free or other numbers used by banks for customer care, cyber fraudsters are now impersonating financial institutions on social media. On Twitter, fraudsters have created fake accounts of ICICI Bank and are sending out dubious replies to customers under the pretext of offering help. 
Several apps on the Google Play Store masquerade as legitimate or authentic apps from well-known entities. Artificial intelligence (AI)-driven cyber-security firm CloudSEK found two lottery apps with over 1mn (million) downloads. Both are luring people by offering 5% of the winning amount to everyone who shares their referral link. 
Fake and Impersonating 'Customer Care' 
ICICI Bank seems to be the favourite target of fraudsters on social media. While the Bank was able to block a few fake Twitter handles, some others are still fooling customers. 
One such handle, ICICIBank Amazon credit card @ICICIBANK70 sends a 'standard' reply to anyone posting a query on Twitter about ICICI Bank Amazon credit card. Here is the kind of response sent out by the fraudster: 
"Dear Customer,
"We regret the inconvenience you hav . Request you to share your contact number via DM and we shall get in touch with you at the ICICI Bank Amazon credit card  support Calling four secondary number 8617299741"
The number mentioned in the reply is from Kolkata. According to messages posted by users on Truecaller, the fraudster seeks access to the customer's accounts, changes the PIN or makes the customer download device-sharing apps like AnyDesk and then asks for its access.
In another instance, ICICI Bank warned about @ICICIBank_Caxse, a fake account impersonating the lender on Twitter. The handle has been suspended after a complaint from ICICI Bank. 
Most reputed companies and service-providers respond quickly to queries and complaints on social media. That is why fraudsters impersonating official handles of companies are all the more dangerous and tend to fool less careful people into sharing personal information and bank account details.
When you post a grievance on social media (Twitter), check if the handle that responds to you is indeed authentic. Some fakes may even be 'verified' accounts with a blue tick. There is a good chance that the official handle will also respond or even spot the fake. If such handles ask for information over a direct message (DM) or WhatsApp, make sure that you do not share passwords and personal identification details without verification. Bank details or documents should never be shared with an unknown entity, especially on WhatsApp. The reason is simple. Your bank already has your information on record and will only ask questions to verify your identity.  
Apps Selling Fake Kerala Lottery Tickets
Cyber-security firm CloudSEK's contextual AI digital risk platform XVigil has discovered two applications that impersonate the directorate of Kerala state's lotteries, Kerala Lottery Online and India Kerala Lottery.
"These applications lure people into buying lottery tickets online. Threat actors are using referral links to spread their campaigns. To prove legitimacy, threat actors impersonate government entities and create fake advertisements from accounts having 200,000 followers on major social media platforms," CloudSEK says.
According to the cyber-security firm, in this case, fraudsters have bought some domains which act as payment gateway and allow them to accept payment from several unified payment interface (UPI) apps. The domains are,,, and The fraudsters are using six UPI IDs to carry out dubious transactions.
CloudSEK identified a strong connection between these two lottery apps and loan apps, which are now banned. "In both campaigns, 'h5.domainname.tld' is used to host important content of the website, which indicates that the same group of threat actors or the same SDK is being used to create and launch such campaigns," it added.
Besides a referral link, the fraudsters use multiple Telegram groups, YouTube videos, and posts on Facebook and Twitter to promote the fake lottery apps. The applications also ask for several permissions; notable among them was the request to install packages required to install other applications on the device. 
The lesson here is never to download and use any app without checking its details. Suspicious apps may contain remote access trojans (RAT) and device-sharing apps like AnyDesk, which help fraudsters access the device and entire data. Since the RAT and device-sharing apps remain hidden, the user will never know about their existence. 
RAT and the device-sharing apps show the entire activity of the device to the fraudsters in real-time. They can read all your messages, access the entire gallery and even call recordings. 
Recently, Google removed thousands of suspicious apps from its Play Store. However, due to its gigantic nature, it is difficult even for Google to keep an eye on every app. So, whenever you need, download only the authentic app by checking details from the Play Store and the app provider's website (for example, visit your bank website to know its app's official name and the Play Store link).
Be Alert, and Stay Safe!
Do report cyber crimes to the National Cyber Crime Reporting Portal or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).