July 4, 2022, updated 07 Jul 2022 8:11am

Social media platforms and users ‘need to do better’ to stop crypto scams like the British Army hack

Social media platforms and their users could do more to prevent crypto scams, experts warn after British Army hack.

By Ryan Morrison

Social media platforms, individuals and organisations all need to improve their security practices in order to prevent cryptocurrency scams, like the one that saw the British Army’s Twitter and YouTube accounts hacked this weekend, cybersecurity experts told Tech Monitor today.

“Prevention is an all-hands task,” said Rich Sanders, cybersecurity expert at CipherBlade, a firm that investigates and tracks Bitcoin and other cryptocurrencies in cybercrime cases.

Security experts say social media platforms have an important role to play in preventing these attacks. (Photo: shaunl/iStock)

Successful account takeovers (ATOs), such as the hack on the British Army’s social accounts, are relatively rare, Sanders said. More common is impersonation fraud, in which scammers set up fake accounts purporting to belong to high-profile people.

In both cases, while it is impossible to say how successful these attacks are, Sanders said: “All it takes is one victim to make the resources for impersonation fraud worth it.”

Social media platforms need to be more proactive in preventing account takeover attacks and deleting fake accounts, Sanders argued. “There are literally tens of thousands of fake Elon Musk and [Ethereum founder] Vitalik Buterin accounts on Twitter, and this has been the case for years.”

They also need to be quicker to block fraudulent ads and promotions, he said. “These scams are reported quickly and it does not require advanced training to determine which of these is or is not a scam.”

But it is not just the platforms that are at fault, he added. For a prominent organisation such as the British Army to fall victim is “inexcusable”, he said. “I’m not saying this to victim-shame, I’m saying this to be realistic and pragmatic.


“There is immense value in these accounts which far exceed the prospects of scamming people,” Sanders explained. “Imagine if, for example, those accounts were used to spread misinformation?

“They got lucky it was just used for a crypto scam,” he said, suggesting an ATO by Russia-aligned hackers could have been more damaging.

How to prevent social media hacks

The social media accounts of high-profile organisations may be vulnerable due to lax management of security credentials, Steven Dickens, senior analyst at Futurum Research, told Tech Monitor.

“Oftentimes, junior social media managers are sharing credentials to the accounts and are therefore relatively easy for hackers to compromise through phishing or social engineering attacks,” Dickens said.

In 2020, the UK’s National Cyber Security Centre (NCSC) published advice for organisations on securing their social media accounts. This includes implementing a ‘sound password policy’ to ensure only authorised individuals can access accounts, and activating two-factor authentication.

NCSC advised that social media management tools, which marketers use to schedule and analyse social media posts, “should be given the same amount of protection as access to the social media platform itself”.

Organisations should also draw up a crisis response plan to prepare for a social media hack, NCSC said. “If your social media channel is hijacked by an attacker, your priority should be regaining control of the account to contain any damage, rather than trying to correct any malicious content that’s been posted.”
