If you’ve recently been tagged in strange Twitter threads, from seemingly verified accounts with NFT profile photos, you are not alone. Scammers are using verified accounts on Twitter to pose as the official Moonbirds account so they can pilfer funds, making it clear that a strong password is no longer enough to keep your account safe.
This latest hack caused financial as well as reputational damage to Twitter; however, the victims of this scam lost untraceable money in the form of cryptocurrency. Numerous high-profile accounts were hacked and a link was tweeted from these accounts offering an opportunity for users to double their bitcoin investment. Normally this form of phishing is easily identified as a scam, but when the tweet comes from influential and high-profile users it lends credibility and people are more likely to fall for it.
In the case of the Twitter scam, hackers were able to exploit weaknesses in the system and successfully bypass two-factor authentication and the added verification around password resets. Despite a shift in focus toward business and consumer cybersecurity, we remain vulnerable to hackers primarily for three reasons:
- Weak Passwords. Passwords in general are a weak point because they are susceptible to human error and require vigilance in changing them.
- Phishing. Phishing attacks have become increasingly sophisticated, making it more difficult to spot scams, especially when they are combined with social engineering.
- Centralized Databases. They allow for a single point of failure, and once hackers are in, they have access to sensitive data and it’s often too late by the time you realize what has happened. This is similar to what occurred with Twitter’s hacking fiasco.
In short order, the Twitter hackers were able to compromise multiple high-profile accounts and send tweets from these accounts, enabling them to successfully defraud thousands of users. While there is always room for human error and security breaches within a social platform, the underlying issue with the Twitter attack was the weak links present within its security architecture and procedures, something for which most companies are at risk.
Human error is inevitable. We can make mistakes, be emotionally manipulated or even go rogue. To prevent large-scale security breaches you need to enact a superior security architecture that can eliminate reliance on easily exploited weak links. Working with a trusted partner like Grapevine MSP ensures your business is protected from the many, and constantly evolving, online threats including phishing, ransomware, malware, and data breaches.