
Twitter hack: Social Engineering Explained 

16 July 2020 by Guest


Guest author Stephen Crowe, UKFast Head of Security and Compliance

Yesterday, several high-profile Twitter accounts were accessed by attackers and used to run a bitcoin scam. Barack Obama, Elon Musk, Uber and Apple were among those targeted, with the attackers posting links promising that any bitcoin sent to a wallet would be doubled by the account holder. The link in fact led to accounts controlled by the attackers. 

A coordinated social engineering attack 

Twitter has said this morning that it believes the scam originated from a social engineering attack that targeted specific employees at the company who held certain access permissions.  


Although further details of the attack are not yet known, it highlights one of the most important security considerations for any organisation. Social engineering plays a key part in the cyber-threat landscape, exploiting human rather than technical weaknesses through a variety of methods. These attacks take advantage of gaps in an individual's knowledge, prey on good nature, or manufacture a sense of urgency to pressure the victim into revealing sensitive information or sending funds to accounts the attacker controls.  

Social engineering can take many forms 

Compared with a purely technical attack, social engineering can be much harder to defend against. These attacks are constantly evolving and becoming more convincing, and technical controls alone will not stop them; educating yourself and your colleagues to be vigilant remains the most important protection.  

Phishing, perhaps the most prevalent form of social engineering, is reported to be at its highest level for three years. Although many of us know what to look for, scammers keep finding new ways to exploit human nature. A 600% surge in phishing has been reported since the beginning of the pandemic, with cyber-criminals crafting fake emails that pose as legitimate requests or as ongoing conversations between employees. SMS phishing has also played a part; read our previous blog to find out more about smishing scams.  

As well as using email to push malware downloads, harvest credentials and sensitive information, or request transfers of funds, some scammers turn to vishing: calling victims on the phone to extract the same details. Be wary of anybody trying to obtain personal information, whether online, by text message or on the other end of a phone call.  

The role of social media 

Social engineering scammers are increasingly turning to social media to scout for information that can be used against their victims, such as job titles, colleagues' names and travel plans. What you choose to share online can be used to target you, so make sure your profile is secure and you know who can see what you post before you put anything out there.  

From a business perspective, your organisation can be put at risk by what your employees share online. The human element of any business is your weakest security link, so it’s important to have policies and procedures in place that limit what employees can post on social media.  

How to stay safe 

Ensuring you have the best possible security solutions in place will offer some degree of protection against social engineering attacks, but it’s equally important to invest time in educating your staff. Make sure those with administrator access to vital systems, business-critical data or sensitive information are well-informed and trained on how to spot the most common types of attacks. Things to remember are: 

  • Set up multi-factor authentication on all accounts and devices, starting with those that carry administrative access.  
  • Never click a link in an email or SMS message unless you are certain of its source.  
  • Pay attention to the sender's domain name if you receive an email from an unexpected contact; lookalike domains are a common trick.  
  • Never send login details or payment information by text or email: no legitimate company will ask for them this way.  
  • Don't be rushed by urgent-sounding messages. Take time to verify the request with the sender through a channel you already trust before acting.  
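The domain-name check in the list above can be done mechanically as well as by eye. The Python helper below is an added example for this post, not code from UKFast or from Twitter: it takes the From: header of a message and a list of domains you actually trust, and reports whether the sender is the real thing, a lookalike (a homoglyph spelling such as rnicrosoft.com, a one-character typo such as twiter.com, or a trusted name buried as a subdomain of an attacker-controlled domain), or simply unknown. The homoglyph table, the two-label "registrable domain" rule and the sample headers are all constructed for illustration.

```python
"""Flag e-mail senders whose domain merely looks like a trusted one.

Hypothetical helper written for this post (not from the original article).
Given the From: header of a message and a list of trusted domains, classify
the sender domain as 'trusted', 'lookalike' or 'unknown'.
"""
from email.utils import parseaddr
import unicodedata

# Substitutions phishers commonly use to imitate a domain, mapping the
# lookalike spelling to the letters it imitates.  Illustrative, not exhaustive.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of a From: header, or '' if none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Decode IDNA (xn--) labels so non-ASCII lookalikes are compared as text;
    # a domain that is already plain text passes through unchanged.
    try:
        domain = domain.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        pass
    return domain


def registrable(domain: str) -> str:
    """Last two labels of a domain.  Simplification for the example: it ignores
    multi-part public suffixes such as .co.uk (use the Public Suffix List in
    production)."""
    return ".".join(domain.split(".")[-2:])


def normalize(domain: str) -> str:
    """Collapse common homoglyph tricks so 'rnicrosoft' compares as 'microsoft'."""
    # NFKC folds fullwidth and other compatibility characters onto ASCII forms.
    text = unicodedata.normalize("NFKC", domain).lower()
    for fake, real in HOMOGLYPHS.items():
        text = text.replace(fake, real)
    return text


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (inlined to avoid a dependency)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted: list) -> tuple:
    """Return (verdict, trusted_domain_it_matches_or_imitates).

    verdict is 'trusted' when the registrable domain is exactly a trusted one,
    'lookalike' when it imitates one, and 'unknown' otherwise.
    """
    domain = sender_domain(from_header)
    if not domain:
        return ("unknown", "")
    reg = registrable(domain)
    trusted_regs = {registrable(t.lower()): t for t in trusted}
    if reg in trusted_regs:                       # e.g. mail.twitter.com
        return ("trusted", trusted_regs[reg])
    for treg, original in trusted_regs.items():
        # twitter.com.account-check.example: trusted name used as a subdomain
        if domain.startswith(treg + ".") or ("." + treg + ".") in domain:
            return ("lookalike", original)
        # rnicrosoft.com, tvvitter.com: homoglyph substitutions
        if normalize(reg) == normalize(treg):
            return ("lookalike", original)
        # twiter.com, twltter.com: a single-character typo
        if levenshtein(reg, treg) == 1:
            return ("lookalike", original)
    return ("unknown", "")


if __name__ == "__main__":
    # Constructed sample headers, not real messages.
    trusted = ["twitter.com", "microsoft.com"]
    for header in ["Twitter Support <support@mail.twitter.com>",
                   "Twitter <security@twitter.com.account-check.example>",
                   "IT Helpdesk <helpdesk@rnicrosoft.com>",
                   "<news@twiter.com>",
                   "<someone@example.org>"]:
        print(header, "->", classify_sender(header, trusted))
```

Each verdict is reached by a different rule, so a "lookalike" hit tells you which trick was used. The homoglyph folding is deliberately crude (it will also rewrite "learn" to "leam"), which is acceptable because both sides of the comparison are folded the same way; the one-label-apart registrable-domain rule is the bigger simplification, and a real deployment should use the Public Suffix List and a confusables table rather than the short map here.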

Find out how our secure hosting solutions can protect your organisation from the evolving landscape of threats.