View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 4, 2022updated 07 Jul 2022 8:11am

Social media platforms and users ‘need to do better’ to stop crypto scams like the British Army hack

Social media platforms and their users could do more to prevent crypto scams, experts warn after British Army hack.

By Ryan Morrison

Social media platforms, individuals and organisations all need to improve their security practices in order to prevent cryptocurrency scams, like the one that saw the British Army’s Twitter and YouTube accounts hacked this weekend, cybersecurity experts told Tech Monitor today.

“Prevention is an all-hands task,” said Rich Sanders, cybersecurity expert at CipherBlade, a firm that investigates and tracks Bitcoin and other cryptocurrencies in cybercrime cases.

account takeover attack
Security experts say social media platforms have an important role to play in preventing these attacks. (Photo: shaunl/iStock)

Successful account takeovers (ATOs), such as the hack on the British Army’s social accounts are relatively rare, Sanders said. More common is impersonation fraud, in which scammers set up fake accounts purporting to belong to high-profile people.

In both cases, while it is impossible to say how successful these attacks are, Sanders said: “All it takes is one victim to make the resources for impersonation fraud worth it.”

Social media platforms need to be more proactive in preventing account takeover attacks and deleting fake accounts, Sanders argued. “There are literally tens of thousands of fake Elon Musk and [Ethereum founder] Vitalik Buterin accounts on Twitter, and this has been the case for years.”

They also need to be quicker to block fraudulent ads and promotions, he said. “These scams are reported quickly and it does not require advanced training to determine which of these is or is not a scam.”

But is not just the platforms that are at fault, he added. For a prominent organisation such as the British Army to fall victim is “inexcusable” he said. “I’m not saying this to victim-shame, I’m saying this to be realistic and pragmatic.

“There is immense value in these accounts which far exceed the prospects of scamming people,” Sanders explained. “Imagine if, for example, those accounts were used to spread misinformation?

Content from our partners
Why enterprises of all sizes must  embrace smart manufacturing solutions
European Technology Leadership: Deutsche Bank CTO Gordon Mackechnie
Print’s role in driving the environmental agenda

“They got lucky it was just used for a crypto scam,” he said, suggesting an ATO by Russia-aligned hackers could have been more damaging.

How to prevent social media hacks

The social media accounts of high-profile organisations may be vulnerable due to lax management of security credentials, Steven Dickens, Senior analyst from Futurum Research, told Tech Monitor.

“Oftentimes, junior social media managers are sharing credentials to the accounts and are therefore relatively easy for hackers to compromise through phishing or social engineering attacks,” Dickens said.

In 2020, the UK’s National Cyber Security Centre (NCSC) published advice for organisations on securing their social media accounts. This includes implementing a ‘sound password policy’ to ensure only authorised individuals can access accounts, and activating two-factor authentication.

NCSC advised that social media management tools, which marketers use to schedule and analyse social media posts, “should be given the same amount of protection as access to the social media platform itself”.

Organisations should also draw up a crisis response plan to prepare for a social media hack, NCSC said. “If your social media channel is hijacked by an attacker, your priority should be regaining control of the account to contain any damage, rather than trying to correct any malicious content that’s been posted.”

Read more: British Army Twitter and YouTube accounts hacked by crypto-scammers

Topics in this article: , ,
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU