The news that Twitter has suffered a phishing attack – again – is hardly news in itself. What is important news is that it shines a spotlight on how sophisticated hacking is becoming – and how dangerous.
If you get an email from Joe Biden, Barack Obama or Bill Gates, you laugh at the crassness of the attempt, so you click on the ‘from’ button and, lo and behold, it is actually from firstname.lastname@example.org, who you certainly do not recognise. So, you delete it and move on.
The problem with Twitter is that if you get a tweet from Bill Gates and you check the sender you will find it really is from Gates. At least from his account and not the highly dubious email@example.com – which makes it very believable.
The good news is that the current attempt at fooling people involves these august gentlemen encouraging you to double your money by investing in bitcoin. Plus, it contains the rather wonderful spelling error – ‘greatful’ not ‘grateful’.
Amateur phishing attempts like this are one thing, and even slightly amusing.
But they are much more effective if you downplay the level of person you hack and use for your phishing trip: say, your CEO or your local politician, used as your attack vector.
Now, up the game on the other side – so instead of trying a rather childish ruse to get people to put money into your account by ‘investing’ in bitcoin (we would be most greatful), send another message: a piece of advice, a warning about phishing even, a local charitable fundraising event supported by your CEO – that level of approach.
Add them together and you have a real problem, particularly if, as suspected, an insider gave the hackers the tools to attack with. That is another story about management, morale, loyalty and internal security.
Phishing and other scams are getting worse. And the pandemic is intensifying the myriad of campaigns to grab money, passwords and accounts – feeding on the fear that the pandemic brings with it. There are even intelligence reports emerging of Russian hackers trying to steal cures for the virus.
Cybersecurity is now one of the major issues of our time (and not just a technical one) and we still lag behind – and always will. It is one thing to play catch-up, but predicting what humans with evil intent are going to do next is never going to be realistic.
Twitter may be the latest victim of a phishing attack, which means its users will suffer, trust will be lost and ultimately social media might change forever. This attack will not be the last and everyone should be extra vigilant. Especially now.
And, as Keld van Schreven says, building defences against the dark art of phishing may rely on blockchain solutions.