Are you doing enough to prevent scammers from hijacking your social media accounts?
Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication, it’s possible that you’ve overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your followers.
That’s a lesson that internet entrepreneur Carl Pei, the co-founder of smartphone firm OnePlus, has hopefully learned after cryptocurrency scammers used his Twitter account to send a fraudulent message to his 330,000 followers this week.
The fraudulent message announced that Pei’s new company (which is literally called “Nothing”) was entering the world of cryptocurrency, and invited followers to send their Ethereum cryptocurrency to a wallet if they wanted to invest in the project.
As Pei describes, hackers were able to post the message after compromising his IFTTT account:
Through permissions granted to my @IFTTT which was hacked, this Tweet was injected asking for your ETH. Please do not send any ETH or your personal info to cryptocurrency accounts claiming to be @Nothing. I’ve deleted all 3rd party apps connecting to my Twitter.
IFTTT (If This Then That) is a handy online platform that allows internet users to automate processes between a wide variety of apps, devices, and services. For instance, you could program an internet-connected bulb on your porch to light up when a pizza is about to be delivered, or automatically tweet out photographs that you post on your Instagram account if they have a certain hashtag.
Pei had connected IFTTT to his Twitter account, presumably to automate the posting of some tweets. That isn’t unusual – in fact, it’s something I did myself some years ago.
But it does mean that you need to connect IFTTT to your Twitter account, granting it posting (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/cryptocurrency-scam-attack-twitter-check-app-connections/