In the News:
Last week, several prominent and verified Twitter accounts, including Bill Gates, Elon Musk, Barack Obama, and Kanye West, were hijacked by attackers looking to trick followers into sending money to specific accounts. The tweets promised to double the “investment” their followers sent within 30 minutes. While most people identified the tweets as an obvious scam, enough people were fooled that the attackers earned more than $100,000. In its blog post about the scheme, Twitter explained the breach that allowed the hijackers to take over verified accounts.
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets.”
Our Take:
The successful breach of Twitter demonstrates that even an established company with a full security team is not immune to compromise. This incident highlights the importance not only of avoiding scams like get-rich-quick schemes but also of knowing the signs of social engineering—the use of deception to manipulate individuals into divulging confidential or personal information—so that you don’t become a victim.
Not every breach attempt is focused on finances. Potential indicators of social engineering aimed at your access to professional, research, or academic information include:
- Someone unknown reaches out and displays excessive interest in learning about what you do and what type of information you can access
- A stranger contacts you online wishing to collaborate with you and asks you to provide information you wouldn’t typically share
- You receive an email asking you to click on a link and enter your credentials
- Flattery that leads to questions about specific proprietary details you have access to
Recommendations:
There are seemingly endless options for attackers to attempt to fool you into providing them with access to your personal information. An educated user is a more difficult target.
- Social engineering tactics aren’t limited to email. Be aware of attacks through phone calls, texts, or other online messaging applications.
- Be suspicious of promises that seem too good to be true, especially when institutional data or personal information is involved.
- Learn how you can protect your information and identity and be familiar with tips for securing your identity.