Every-day millions of Phishing emails are sent out across the internet containing malicious files, links, or instructions. Attackers use these emails to gather information, gain access to accounts, or manipulate employees. A recent, high profile example of this attack happened to Twitter on July 16th.
Attackers used phishing emails to gain access to internal slack channels; where they continued impersonating Twitter employees. After some time and manipulation attackers were able to get employees to provide them with credentials to internal admin tools. With access to these administrative tools attackers were able to reset the email accounts and bypass multi-factor authentication on many high-profile politician, celebrity, and business owners’ accounts. This even included 2 former presidents of the United States.
Once access was gained attackers had unlimited access to these accounts, including the ability to download all data associated with the accounts, which contains sensitive information like direct messages and location tracking. As we rely on social media more and more every day we are seeing the power it holds. A simple tweet from a compromised account could be used to spark conflict, manipulate markets or ruin reputations.
This attack is a great example of how social engineering combined with phishing can be used to infiltrate any organization, or turn employees, sometimes unknowingly, into insider threats. We protect our LinkTech Protect customers from these types of attacks by educating employees, implementing user friendly phishing reporting solutions and using AI (ATP) to scan all emails for malicious links, attachments, and known phishing email formats.
Comments