Cryptocurrency Fraud , Fraud Management & Cybercrime , Fraud Risk Management

Twitter Hackers Targeted Employees With Phone Phishing

Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day
Twitter Hackers Targeted Employees With Phone Phishing

See update on three charged in connection with this hacking incident.

See Also: Enabling Government for Modernized IT

The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says.

On July 15, the attackers moved quickly, using phone-based phishing as the first step toward gaining access to the Twitter credentials needed to take over the accounts and posting their scam messages, Twitter says in a Thursday blog.

"It is more difficult to spot a phishing attempt on a mobile phone due to the smaller screen, the inability to see the full URL in the mobile browser, and lack of awareness on how to safely preview where a link is sending you before you tap it," says Hank Schless, senior manager of security solutions at mobile security firm Lookout.

Multistep Process

The hackers used a multistep process, working their way through levels of employees to obtain the logins to Twitter's internal network and then grabbing the admin-level credentials needed for accessing the internal support tools available to only a few employees, the company notes in its new report.

"Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes," according to Twitter.

The malicious actors used these credentials to take over 130 accounts, and then they tweeted from 45 of them. The hackers also accessed the direct message inboxes of 36 accounts and downloaded the Twitter data of seven, the company says.

Among the commandeered accounts were those of Microsoft founder Bill Gates, entrepreneur Elon Musk, Dutch lawmaker Geert Wilders and presumptive Democratic presidential nominee Joe Biden. The attackers used these accounts to conduct a brazen campaign designed to solicit money from the account holder's unwary followers (see: Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam).

Bill Gates' verified Twitter account was hijacked for cryptocurrency scam. (Source: SeekingAlpha)

About 360 people fell for the cryptocurrency scam and sent a total of more than $120,000 to the hackers, according to news media reports.

Too Much Access?

Twitter says it’s considering making the tools and levels of access required to gain access to accounts even more sophisticated to help prevent other hacker attacks. The social media giant notes that its worldwide teams need this level of access to provide support and review content.

Charles Ragland, security engineer at Digital Shadows, tells Information Security Media Group that workers must be trained to be suspicious of emails or phone calls that they aren't expecting, and a company must have easy-to-follow policies in place to report incidents so that these can be appropriately investigated.

"While Twitter states that these tools are heavily audited and restricted for specific use cases, it goes to show that technical controls can't stop everything," Ragland says. "Human vulnerability will always be a weak spot in any risk mitigation strategy. Implementing a culture of security awareness in the workplace can help reduce these risks."


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.