Twitter hack: Account takeovers that IDShield will warn you about
The latest Twitter hack is being called one of the most audacious cybersecurity hacks of all time. If you don’t know what happened, here’s the high level: On or about July 15, 2020, hackers hijacked the Twitter accounts of some of the world’s most famous people, including Joseph R. Biden Jr., Barack Obama, Kanye West, Bill Gates, Elon Musk and more. The incident also impacted some of the world’s biggest companies including Apple and Uber.
Star-studded issues aside, we at IDShield want to remind everyone, even if they are not publicly recognizable, of the importance of social media protection.
What happened?
In the worst cyber incident in the company’s 14-year history, hackers infiltrated 130 high-profile, verified accounts and tweeted messages with a false promise: Send Bitcoin cash, and these prominent figures would send you back double the amount. The accounts were confirmed to have been compromised in what Twitter believes to be a social engineering attack.
What’s a verified account?
The blue verified badge on Twitter lets people know that an account of public interest is authentic.
The badge appears next to the name on an account’s profile and next to the account name in search results. It is always the same color and placed in the same location, regardless of profile or theme color customizations.
What is a social-engineering attack?
Social engineering is when a cybercriminal manipulates and tricks users into making security mistakes or giving away sensitive information. Such a plot often involves tactics of phishing, pretexting, baiting, quid pro quo and tailgating. This is one of the most common cyber schemes, and what makes it so dangerous is that it relies 100% on human error. Content from a verified account from your favorite politician or tech giant has got to be real, right? Spoiler alert: It may not be.
It has been reported that the scammers received hundreds of payments, totaling thousands of dollars. It was an unprecedented attack on privacy, trust and security, but what’s even scarier: some experts say the hackers could have caused far more damage.
Another learning experience for the books
Unnerving, right? How many more attacks will it take for everyone to realize that online privacy and reputation management is not a light-hearted recommendation? In the age of digital warfare, everyone must understand how scammers operate, and how to utilize defense tools and resources.
How would someone with IDShield have been alerted?
The statement “…payments sent to my BTC address!” and the link/web/email address ‘bc1qxy2kgdygjrsqtzq2n0yrf2493p8…” would have triggered these reports:
- Account Takeover
- Malware / Phishing / Scam
Upon receiving the reports, the messages could have been caught and deleted faster, saving thousands of people a boatload of money and regret.
Here are more details on what IDShield scans and reports on specifically within Twitter:
- Potentially inappropriate self-tweets, self-re-tweets
- Potentially inappropriate mentions or direct messages from other users
- Any username or profile changes (potential account takeover)
Protecting yourself is more critical than ever before
We cannot stress this enough: help yourself, your family and your company. If you see suspicious messages, trust your gut and know it’s most likely a scam. Be proactive and use your resources.
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.