Security Awareness Training Blog

    Dancing with Hackers

    Two beautiful women dancing on dance floor in bar

    Dancing with the Stars pro Witney Carson announced on Twitter that her Facebook account had been hacked. Unknown miscreants gained control of Carson’s Facebook through a unique phishing technique and proceeded to upload spamming material to not only her page, but resharing items to other celebrity pages.

    Now, there are two questions that immediately come to mind:

    1. Who is Witney Carson?
    2. How was their Facebook account hacked?

    Unfortunately, I don’t know the answer to either of these questions. Prior to reading about the story in Pop Culture, I had personally never heard of Witney Carson. But that doesn’t matter, because it goes to show that you don’t have to be a global superstar with millions of followers to be an attractive target.

    Even accounts with a few hundred thousand followers (or even fewer depending on the industry) can be juicy targets for attackers looking to leverage the victim’s brand to spread malware or spam.

    So, the question becomes, how did Carson’s account get hacked?

    There are a number of possibilities:

    • It could be that Carson used an easily guessable password.
    • Maybe Carson re-used a password which was previously breached.
    • An agent / assistant had access to the Facebook account and the breach occurred there somehow.
    • Carson played a ‘Facebook game’ or allowed access via a third party which scraped her details.

    There could be many other ways, but what is clear is that by taking a few relatively simple steps such as practicing good password hygiene and enabling 2FA could have prevented the account takeover.

    It’s important that organisations protect their own social media accounts as well as ensuring its staff know how to best protect their accounts. New school security awareness training can help educate your users on how to secure an account, otherwise, accounts can be take over by criminals – and while it may not feel like a big deal, the impact of a compromised account can have far-reaching repercussions that affect the whole organisation.

     

    Return To KnowBe4 Security Blog

    Are your user’s passwords…P@ssw0rd?

    Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

    wpt02Here's how it works:

    • Reports on the accounts that are affected
    • Tests against 10 types of weak password related threats
    • Does not show/report on the actual passwords of accounts
    • Just download the install and run it
    • Results in a few minutes!

    Check Your Passwords

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/weak-password-test

    Topics: Phishing, Security Awareness Training, Password Security

    Javvad Malik

    ABOUT JAVVAD MALIK

    Javvad Malik is the Lead Security Awareness Advocate at KnowBe4 and is based in London. Malik is an IT security professional with over 20 years of experience as an IT security administrator, consultant, industry analyst and security advocate. He is also a multi-award winner and is currently a Guinness World Records holder for the most views of a cybersecurity lesson on YouTube in 24 hours.

    Read more from Javvad »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews