You might see phishing scams as solely email-based phenomena. But other platforms get at least as much play, if not more, from social engineers.
Social media networks have the attention of billions. And many of us take to them every day to interact with family and friends, network with industry colleagues, catch up on current events and hear from popular voices. So it’s no wonder that criminals try to mislead some of that high-volume traffic to fraudulent ends.
These kinds of phishing attacks often use mimicry to trick victims into clicking on links or following fake accounts. However, a recent scam on Twitter saw hackers flex their social engineering muscles, demonstrating just how powerful these methods can be.
The Twitter Hack
In late July, several high-profile accounts — including those of former President Barack Obama, Tesla CEO Elon Musk and rapper Kanye West — began tweeting out messages directing people to send Bitcoin to an account with the promise that they’d be paid back twice as much.
Twitter eventually verified that it had been attacked. The social media company said hackers had taken over 130 accounts, and managed to send tweets from 45 of them. They also accessed 36 direct message inboxes and stole data from seven users.
These criminals gained access to these accounts by using — you guessed it — a social engineering approach. In effect, they gained a massive spear-phishing tool (the high-profile accounts) by using spear-phishing attacks against Twitter’s own employees. The criminals picked up a phone and convinced their targets to give away credentials offering access to Twitter’s internal tools.
Twitter isn’t the only mark. Politicians on Facebook have been warned about recent spear-phishing attempts to gain access to campaign account credentials. In an election year, we can expect the war on disinformation to heat up significantly; this appears to be one of its fronts.
Make Your Employees Aware of Social Media Hacks
Online fraud is becoming increasingly deceptive. That’s why individuals and businesses must do what they can to avoid falling prey.
Individuals should double-check the sources of all communications and remain skeptical of anything they read on social platforms. That goes double for anything that demands quick action or seems a little out of character.
Organizations, meanwhile, must include social media and spear-phishing education in their training programs. Fortunately, Lunarline has expert trainers that can help you do just that.
Contact us today to learn more about what Lunarline can do for you and your employees.