22 Sep 2020

Social Engineering Attack: How Were Some Famous Twitter Accounts Hacked in Recent Days?

We all used to believe that it was impossible to hack Facebook or Twitter accounts. Even when news of a hack did come out, we told ourselves that it happened because of some user's mistake. What happened recently was completely shocking for the world, because it broke the myth we had always believed.

In July 2020, an event shocked the entire world, because this hack had the potential to cause upheaval across the world's industries.

On 15 July, a series of almost identical tweets was posted from the Twitter accounts of various top businessmen. They came one by one from each account (only the businessmen above). (See the tweets in the section below, courtesy of Twitter.)

After 13 tweets from the accounts of various celebrities and leaders, Twitter's official team looked into the matter, stopped the hack, and apologized to everyone. They also opened an inquiry into the event. Twitter announced that it happened because of a social engineering attack. So the question is:

 

 What is a Social Engineering attack? 

A social engineering attack is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to a building, system, or data.

It is a kind of hacking in which humans are targeted instead of machines. The reason is that it is human nature that makes us so vulnerable.

Let me explain with one example:

Imagine a person who has worked in an organization for many years. Because of that, he has all kinds of access, i.e. entry biometrics, login passwords, and other confidential information. Now imagine that an attacker is recruited into that organization. He will try to get close to the employees who manage admin information. Over time he will act friendly and take note of every small piece of important information, and after a while he might gain access to confidential data through these long-serving employees. That is how this kind of attack occurs.

A security algorithm can detect unauthorized activity, but if an unauthorized person obtains the authorized details of an organization, the algorithm cannot detect that, because it has no pattern that can check human intention.

Sometimes ex-employees perform this kind of attack, as they know many kinds of confidential data that they acquired while they were working.

 

Social Engineering Attack Cycle

How to avoid this attack?

There are some ways to prevent it:

  1. Don’t open attachments from emails in the spam folder.
  2. Don’t share your credentials with anyone.
  3. Don’t trust anybody on the internet if that person is a stranger.
  4. Be loyal; don’t get trapped by scammers.

The steps above cannot address every human aspect, so this remains a challenge for every organization. That is why, even with such security algorithms in place, big companies like Twitter and Yahoo have had to face these issues. There are a lot of solutions and detection methods yet to be found, and I hope this will be solved in the future.