A top cybersecurity and anti-virus provider offered suggestions on how Twitter users can recognize scams on social media following the massive hacking of the microblogging platform this week.
Last Wednesday, July 15, Twitter experienced a major cybersecurity problem after high-profile verified accounts of celebrities and politicians, including US President Donald Trump and socialite Kim Kardashian, were hacked and managed to gather over $120,000 from their followers through the digital currency bitcoin.
Kaspersky noted that hacking into Twitter at this scale and getting away with it is concerning.
“Hacking into popular accounts to publish scam messages isn’t a new practice, neither is the doubling the donation scam. What is curious in this case is the scale of the attack and the fact that the actor completely took over the verified accounts – their emails have been changed, so the owners aren’t able to get access back quickly enough,” said Dmitry Galov, a security researcher at Kaspersky.
The agency highlighted two things—need for Twitter users to be more wary or cautious of scammers and for Twitter pages to have a two-factor authentication at minimum.
“This major scam highlights the fact that we are living in an era when even people with computer skills might be lured into scammers’ traps, and even the most secure accounts can be hacked,” said Dmitry Bestuzhev, a cybersecurity expert at Kaspersky.
Kaspersky suggested to social media users what to keep in mind the following to recognize possible threats and add extra protection to their accounts:
- Most online scams are tailored or curated according to the personality of the hacked account. Some hackers even “illustrate” scams in designs that appear authentic.
- Legitimate-looking scams have time limits to prevent potential victims from conducting a thorough check to their schemes.
- Official campaigns of big enterprises and individual initiatives have documents to back their promos.
- In line with this, they also do not ask potential customers or participants to transfer money tied to private bitcoin wallets.
- Change your passwords into something unique, strong and complicated without similarities to the passwords you have to other websites.
- Use two-factor authentication, wherein your identity has to be confirmed by a special code before you can access your profile.
- In line with this, consider using an app to generate code instead of a text message.
- You should also review the apps on your phone that have access to your Twitter account. Consider removing access to all of them.
In a lengthy Twitter thread on July 16, Twitter Support announced that they detected that the privacy invasion was perpetrated by one of their employees who have access to internal systems and tools.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” it said.
“Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers,” it added.
In the latest update on Friday, Twitter said that at least 130 accounts, including those with a large following, were targeted “in a way” by the perpetrators.
Twitter also assured its users that they are currently stepping up their cybersecurity systems and the investigation is still ongoing.
“We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can,” it said.