Spotted in the Wild

Twitter Hit again… Inside job?

In an unsurprising turn of events, Twitter has managed to land itself in hot water yet again as 130 accounts were targeted in an account takeover attack.

An account takeover is a form of identity theft in which a third party gains access to a user’s account credentials and carries out fraudulent activity by posing as the real user. Attackers can acquire the user’s credentials in different ways; two very common methods are password brute forcing and phishing. Twitter recently confirmed that only 130 accounts were affected by this account takeover, whose victims were named VIPs, including Barack Obama, Elon Musk, Kanye West, and Bill Gates. The accounts were used to tweet a Bitcoin scam to millions of the VIPs’ followers.


Examples of the VIP Twitter account takeover tweets

The hackers are believed to have gained access to Twitter’s back-end systems, as tweets showing Twitter’s control panel surfaced. Experts have presumed that Twitter staff may in fact have been involved in the account takeovers, but the investigation to determine what actually happened is ongoing.

Internet Scams Escalating During Pandemic

The Covid-19 pandemic has caused a massive surge in internet usage and in the use of online tools and services. At the same time, cyber incidents are plaguing South Africa and increasing in number as more people rely on technology to work from home and entertain themselves and their families. In a recent survey, South Africa was in fact reported as having one of the highest numbers of organisation compromises due to stolen credentials.

Internet scammers have not missed this opportunity to refine their skills and create even more believable campaigns, tricking less observant users into giving away their credentials and/or hard-earned money. Much like any career-focused individual, scammers adapt to change and put in the time and effort to achieve their goals, however illegal those goals may be.


A recent survey showing South Africa having the highest number of organisations with credentials stolen (Sophos, The State of Cloud Security 2020)

This is a clear indication that credential theft is an ongoing issue in South Africa and one of the biggest obstacles to overcome. Both homes and businesses are affected, and at the rate at which cyber-attacks targeting South Africa are increasing, it is becoming a major weakness that cannot be neglected.

Recent Scams

Emails received from genuine-looking but unfamiliar senders that include a link to follow, such as the following one:

Following the link takes you to a fake website, as shown below.


The fake website

Opening the document on the fake website then takes you to a spoofed Outlook web login page, which at first glance looks legitimate.


The fake Outlook login page

On failing to log in to the fake Outlook page, the user then likely submits their Office 365 or Outlook credentials in the page shown below.


The login credentials request on the fake site.

Once the credentials were captured, they were then used to gain access to the user’s mailbox and bulk spam was sent to all the contacts in both their address book and the recent mail interactions. With only a couple of minor mistakes made, a person would log in to the fake site very easily and be compromised.

The Proof of Payment (POP) scams.

These particular phishing scams are much less sophisticated but still very effective – see below.


A typical POP phishing scam

Selecting the Download POP Here option takes you to a page with a fake bank form from one of the local banks, where you are asked to log in to your bank account to view the POP. If the fake form appears to be from the same bank that a user banks with, they are more likely to try to log in subconsciously, as they often log into their bank account at least daily. Again, the user’s credentials are then stolen and used by the hacker to potentially log into the user’s bank account. This is where two-factor authentication is valuable in preventing such access, as is, at the least, an SMS notification from the bank whenever the user’s account has been logged into, so that the user can contact the bank straight away to lock the hacker out and change the access username and/or passwords.

419 Scam

This form of scam starts with an introductory message that the scammer distributes to a wide audience as spam in the hope of a response. The technique always yields some results and is used extensively these days.


Example of 419 scam

What to do if caught by a phishing scam

  • Change the password for the Outlook/Email account that has been compromised.
  • Determine which other services, websites, stores, banks, etc. use the same password as the stolen one and change all of them too.
    1. It is best to use a completely new password and not variations of the old ones
    2. Use more than 10 characters for the new password
    3. The new password should use numbers, symbols, and upper & lowercase letters, placed anywhere possible in the password, to make it less hackable
    4. Avoid using the same password for multiple accounts
  • Check for email forwarding rules in Outlook Web (the same applies to other online email services)
  • If anything seems suspicious, avoid it like the plague as it usually is.
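
For an administrator cleaning up after a mailbox compromise like the one described above, the forwarding-rule check in the list can be scripted. This is an added example, not part of the original article; it assumes an Exchange Online tenant, the ExchangeOnlineManagement PowerShell module, and the two placeholder addresses shown.

```powershell
# Added example: audit one mailbox for forwarding after a phishing compromise.
# Assumptions: ExchangeOnlineManagement module is installed, the operator has
# Exchange admin rights, and both addresses below are placeholders.
$Admin   = 'admin@example.com'    # placeholder admin account
$Mailbox = 'user@example.com'     # placeholder compromised mailbox

Connect-ExchangeOnline -UserPrincipalName $Admin

# 1. Mailbox-level forwarding, which is configured outside of inbox rules
#    and is therefore easy to miss when only the rules list is checked.
Get-Mailbox -Identity $Mailbox |
    Select-Object UserPrincipalName, ForwardingAddress,
                  ForwardingSmtpAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward, redirect or silently delete mail.
#    Delete rules are included because they are commonly used to hide
#    replies and bounce messages from the mailbox owner.
$suspect = Get-InboxRule -Mailbox $Mailbox | Where-Object {
    $_.ForwardTo -or $_.ForwardAsAttachmentTo -or
    $_.RedirectTo -or $_.DeleteMessage
}

$suspect | Format-List Name, Enabled, Description,
                       ForwardTo, ForwardAsAttachmentTo,
                       RedirectTo, DeleteMessage

# 3. Disable (rather than remove) each rule the owner does not recognise,
#    so it remains available as evidence. -WhatIf only previews the change;
#    drop it once the list from step 2 has been reviewed with the user.
foreach ($rule in $suspect) {
    Disable-InboxRule -Identity $rule.Identity -Confirm:$false -WhatIf
}

# 4. If step 1 showed an unknown address, clear mailbox-level forwarding.
#    Left commented out so nothing is changed before review.
# Set-Mailbox -Identity $Mailbox -ForwardingSmtpAddress $null -ForwardingAddress $null

Disconnect-ExchangeOnline -Confirm:$false
```

Run the audit after the password has been changed, since a forwarding rule created by the attacker keeps working even when the old credentials no longer do.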