Yesterday, several high-profile Twitter accounts were accessed by hackers and used as part of a bitcoin scam. Barack Obama, Elon Musk, Uber and Apple were amongst those targeted by the attackers, who posted scam links promising that donations made to a bitcoin wallet would be doubled by the account holder. The link, however, led to the hackers’ accounts.
Twitter has revealed this morning that it believes the source of the scam to be a social engineering attack, which targeted specific employees at the company with certain access permissions.
Although further information about the nature of the attack is unknown at present, it highlights one of the most important security considerations for any organisation. Social engineering plays a key part in the cyber-threat landscape, exploiting human weaknesses through a variety of methods. These types of attacks seek to take advantage of gaps in the knowledge of individuals, prey on good nature or create a sense of urgency to encourage the victim to reveal sensitive information or send funds to fake accounts.
Compared to a technical hack, social engineering can be much more difficult to protect against. These types of attacks are constantly evolving, becoming ever more intelligent, and the only real protection is to educate yourself and your colleagues to be vigilant.
Perhaps the most prevalent form of social engineering, phishing attacks are reported to be at their highest for three years. Although many of us are familiar with what to look out for, scammers are always inventing new ways to exploit human nature. There has been a 600% surge in this type of attack since the beginning of the pandemic, with cyber-criminals finding sophisticated ways to create fake emails posing as legitimate requests or conversations between employees. SMS phishing has also played a part in this – read our previous blog to find out more about smishing scams.
Along with encouraging users to download malware, share sensitive information and credentials, or transfer funds by email, some scammers will also turn to vishing – calling victims over the phone to extract these details. It’s important to be wary of anybody trying to find out personal information, whether that’s online, via a text message or on the other end of a phone call.
Social engineering scammers are increasingly turning to social media to scout for vulnerabilities and information that can be used to exploit their victims. What you choose to share online can be used to target you – so it’s important to make sure that your profile is secure, and that you’re aware of who has access to what you post, before you put anything out there.
From a business perspective, your organisation can be put at risk by what your employees share online. The human element of any business is your weakest security link, so it’s important to have policies and procedures in place that limit what employees can post on social media.
Ensuring you have the best possible security solutions in place will offer some degree of protection against social engineering attacks, but it’s equally important to invest time in educating your staff. Make sure those with administrator access to vital systems, business-critical data or sensitive information are well-informed and trained on how to spot the most common types of attacks. Things to remember are:
Find out how our secure hosting solutions can protect your organisation from the evolving landscape of threats.