Twitterverse’s Spearphishing Agony

The Twitter feeds of the BBC, the AP and the Guardian have all been compromised.  This fake tweet from the real AP Twitter account:

fake tweet

caused $140 billion in stock market losses.

In response to these events, Twitter issued a memo to the press  in which Twitter gives various recommendations on how to deal with the spearphishing problem. While this memo gives sound advice, the recommendations do not address the core spearphishing problem.

What is the core spearphishing problem? Deception is the core spearphishing problem. In spearphishing, the bad guys send socially engineered emails which initiate a process which steals credentials.  The spearphisher’s job is to create an email which will deceive the intended victim.  This is the email that was used to steal the AP Twitter credentials:

fake AP email

When the link was clicked in this seemingly benign email from a colleague, a series of events were initiated which resulted in the compromise of the Twitter credentials.

Employees’ email decisions can compromise security.  IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at  408-727-6342,ext 3 or use our online form.


Comments are closed.