May 20, 2013 by Ryan Miller
Over the last few months, a rash of social account hacks of major media outlets has been generating headlines across the industry. In the month of April alone, the accounts of the Associated Press, NPR, The Guardian and CBS were all breached, with the AP incident causing the biggest stir. The hackers of the AP’s Twitter account posted a fake White House bombing message that drove the Dow industrials down one percent before recovering, highlighting how much of a focus Twitter has become in breaking news. In just the past week, The Financial Times Twitter account was also hacked by the Syrian Electronic Army in response to Western media, in their words, “broadcasting fabricated news about what is happening in Syria.”
Several of these news organizations later reported exactly how the hackers gained access to their accounts. It turns out that individual reporters were targeted with cleverly disguised emails designed to get them to disclose their passwords. In the case of the AP, as many as 50 reporters fell victim to the attack. The Guardian and the AP later sent warnings to their staffs, with more information about these attacks to help prevent a breach from happening again.
These disguised emails, which are part of a scam known as phishing, are sent by cybercriminals to retrieve password information or to install malicious software on your computer, either of which can result in the hacking of a social media account. In the message, the sender pretends to be a representative of a legitimate organization or, as in the case of the Financial Times, promotes a fake news story and provides a website. These emails attempt to trick the recipient into divulging important personal information like passwords or bank account numbers. Oftentimes, this requires the recipient to click on a link within the email. Once they’ve clicked, the user is prompted to enter password and personal information, which is sent to the hackers, allowing them to log on to an account.
Phishing attacks are often sent through email, though there are also cases where links may be sent to users via Tweets. Clicking these links will trigger the form prompting the user to submit password data or turn over personal information, or it may try to convince the user to install malicious software. This is also referred to as social engineering.
Everyone is vulnerable to phishing emails, and every email that is sent to you should be read and approached with caution. One of the most important things to remember is to look at the actual link, rather than the linked text, before clicking, and to click only on links to trusted sites. Microsoft outlines how to check the link, and provides other tips on how to watch out for phishing attacks and other malicious activity.