Using the theme of partnering with a made-up COVID-19 non-profit, the latest hack on Twitter allowed some pretty prominent accounts to be used as pawns in a scam that netted $120K.
When Elon Musk and Barack Obama tell you to participate in a “double your money” cryptocurrency scheme, apparently way too many people fall for it. In a recent short-lived attack on Twitter, the accounts of several well-known figures, the official accounts of Uber and Apple, and the heads of a number of cryptocurrency exchanges were all compromised and used to promote a scam in which victims are told to send a Bitcoin payment to a specific address and are promised double the amount back.
Additionally, the accounts of cryptocurrency exchanges posted “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” followed by a link to a website.
Only a fool could fall for this, right? Wrong.
According to news reports, the scam took victims for over $120,000!
The use of impersonation isn’t new, nor is hacking Twitter accounts for personal gain. But putting the two together in a coordinated attack on a large number of Twitter accounts looks like a winning plan for cybercriminals.
If everyday people will fall for these obvious scams, how well will your employees fare when advanced social engineering techniques including deepfake audio are used to impersonate your CEO? Employees need to undergo continual Security Awareness Training that keeps them up-to-date on the latest tactics and the need for elevated levels of scrutiny whenever interacting with email and the web.
The cryptocurrency scam was easy to recognize as fake… and yet people fell for it. Unless you prepare your employees now, when the right phishing attack comes (and it will), your organization will become the next victim of an attack with far greater potential for financial harm.