Social Media platform giant Twitter reported a security incident on Wednesday 15th July 20 which affected scores of verified accounts including Bill Gates, Elon Musk and Jeff Bezos. These accounts were used to promote a bitcoin scam that netted hackers an estimated $120,000 bitcoin.
In a statement Twitter said:
“At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme.” …
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems“
What’s social engineering?
Social engineering attacks target people, manipulating and tricking someone into revealing confidential or sensitive information. It’s a common method of attack and is used widely in phishing emails, but also applies to phone calls or instant messaging too.
I get loads of these all the time and they’re pretty easy to spot, how did Twitter get hacked?
We all know the most common and easy to spot types of social engineering scams, generally targeting finance departments with calls claiming to be from their bank or HMRC or similar.
But what if they rang up your customer support or IT dept, would they be able to be so prepared for these types of attacks? Especially as COVID has forced most customer support teams to work remotely from the office, it’s even more difficult to stay in contact with co-workers, leaving it gaps for attackers to work with.
So how can we protect our business from these types of attacks?
Protecting your business from a twitter style attack can seem daunting, but there’s a number of things you can do right off the bat, such as
You don’t have to be the size of business like Twitter to be targeted by a social engineering scam or attack. You also don’t have to be the size of Twitter to effectively defend yourself against this type of attack.
People are the key to any social engineering attack. Preparing your people and your business processes to handle potential scenarios around these types of attacks will not only strengthen your business but your confidence against these attacks as well.