Musk’s Twitter takeover hit a heavy roadblock yesterday. In his hopes of having users pay for verification, it seems Musk caught the attention of looming cyber criminals, hungry to hijack users’ accounts by impersonating Twitter support services.
Prior to Musk’s announcement, many scammers attempted to defraud users who wanted a blue tick on Twitter. These scammers claimed they could verify a user’s identity and status to get them the blue tick in exchange for money, sometimes thousands of dollars. It doesn’t surprise me that this scam has now been flipped to phish users who already have the blue tick. It’s ironic that Musk claimed the new subscription would help reduce spam, but has, in the short term at least, increased it.
Unfortunately, the bad actors of the world are always alert for opportunities to do a little “phishing.” Twitter users should remain alert for phishing attempts like this. Always look closely at emails like this and check the email’s address; there is zero chance that an official Twitter email would come from a “gmail.com” account. Never click any links or attachments in these types of unsolicited emails. Delete them, and also report them as spam.
In today’s digital world, fraudsters have never been so ruthless with their tactics, and they’re increasingly using ones that are far more personal and harder to spot – capitalising on our human vulnerabilities, as evidenced by the surge in phishing scams in light of Musk’s Twitter changes.
With cybercriminals now masquerading as trustworthy support services to go unnoticed, businesses need to be tactical if they wish to spot suspicious behaviours. Many of these attacks, at their root, come down to some type of compromised identity, with user access points often targeted. With identity often being the make or break to any type of attack, organisations have a vital role to play in better safeguarding their identities, both machine and human. To reduce the risk of phishing attacks, businesses must look to implement multiple security controls – this should be standard best practice for cyber security.
Cyber criminals will use any tactic to trick people into handing over sensitive information. Organisations also have a vital role to play in increasing training and awareness for staff to spot suspicious and ‘out of the ordinary’ requests, whether that’s on email, phone or via social platforms. Additionally, on an enterprise level, we must fight bad actors with innovative technology such as identity security, to protect the workforce and reduce the risk of cyber-attacks and data breaches, by spotting irregular behaviour from users.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.