Kaspersky Statement on Twitter Scam
"Hacking into popular accounts to publish scam messages isn't a new practice, neither is the doubling the donation scam. What is curious in this case is the scale of the attack and the fact that the actor completely took over the verified accounts - their emails have been changed, so the owners aren't able to get access back quickly enough," commented Dmitry Galov, security researcher at Kaspersky.
This scam was extremely effective - the amount gathered from the victims now equals over 120 000 USD, and this is just in one day. I think there are two major takeaways from this incident. First, users need to be aware of scams and stay cautious on social media; they need to be able to recognize them. Second, we need to be extra careful with our online assets-anything critical has to have, at a minimum, two-factor authentication," added Galov.
"This major scam highlights the fact that we are living in an era when even people with computer skills might be lured into scammers' traps, and even the most secure accounts can be hacked. According to our estimates, during the two hours of the attack, at least 367 users transferred around 120,000 dollars in total to attackers. Cybersecurity is undoubtedly one of the top priorities of all major social media platforms, and they put efforts in preventing many attacks every day. However, neither websites nor software is entirely immune to bugs, nor is the human factor immune to mistakes. Therefore, any native platforms might be compromised. Today we see how, along with new attack vectors, scams combine old and effective techniques, use a surprise element, and gain people's trust to facilitate the attack and lure victims into a trap. For instance, it might be a mixture of supply chain attacks with social engineering. In addition, the threat actors might gain access to victim's account in other ways. For instance, they might penetrate a third-party app with access to the user's profile, or users' passwords might be brute-forced.
However, we urge everyone not to panic and simply accept a new mindset: social media account users require a responsible approach and thorough protection, but we are not lambs to the slaughter. This incident might mean we all need to take some time to reassess our approach to our relationships with social media and accounts' security, but once we do so , it will become evident that we possess knowledge and instruments to recognize even the most elaborate scam and minimize its impact," said Dmitry Bestuzhev, cybersecurity expert at Kaspersky