Andy Greenberg at Wired has published an interesting article describing how there has been a spate of “phone spear phishing” attacks since celebrity accounts on Twitter were very publicly compromised last month.
You will remember that Twitter confirmed that members of staff were rung up by scammers, who then socially engineered their victims into handing over credentials which gave the hackers access to Twitter’s internal tools. Those tools, which should have only been available to authorised personnel (and perhaps, in retrospect, not 1000+ employees and contractors), could then be used to reset passwords and disable two-factor authentication.
According to New York-based security outfit Unit 221b, which has been helping the FBI with its investigation into the Twitter hack, the same “voice phishing” techniques have been used against banks, web hosts, and cryptocurrency exchanges in recent weeks.