Twitter are working hard to improve their security policies after a phishing attack struck them in early July. This allowed hackers to tweet from the accounts belonging to well-known personalities such as Jeff Bezos, Joe Biden and Bill Gates. An update shows that 45 accounts were tweeted from, 36 more had their inboxes accessed and the attack targeted a total of 130 accounts.
Twitter have since announced plans in their blog post to improve their security to ensure that something similar doesn’t happen in the future. Preventing “inappropriate access” to internal systems is said to be a priority. This attack was a Spear-phishing attack.
Spear-phishing is where people use a trusted sender or source to distribute their phishing materials. Naturally people are more likely to click on a link, open an email or fall for any of the methods these phishing hackers will use, if they know and trust the sender. Spear-phishing is becoming increasingly popular with cyber-criminals and they often prey on poor cyber-hygiene and attempt to mislead key employees, such as those in finance, HR or IT, exploiting human or process related vulnerabilities.
Phishing will always be an issue while ever there are even the tiniest gaps in security that can be exploited. The trick is to minimise the gaps as best you can, and to know how to spot a phishing attack. If you need any help with either of these steps, get in touch.
Original article by Sabina Weston – ITPro
Photo by Mael BALLAND on Unsplash