Security News > 2020 > July > Breach of high-profile Twitter accounts caused by phone spear phishing attack
Twitter has confirmed that the breach of several high-profile accounts that occurred on July 15 was caused by a phone spear phishing attack that targeted a small number of employees.
Using the credentials of the affected employees, the attackers managed to compromise 130 different Twitter accounts, including those of Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, and Barack Obama, according to Twitter.
Spear phishing refers to a type of phishing attack in which criminals email specific individuals with the goal of gaining their account credentials or other sensitive information.
Twitter didn't explain what it meant by a "Phone spear phishing attack." This could mean that the attackers actually called certain employees by phone rather than using email to find out their credentials, or it could mean targeted employees received a message by phone or email convincing them to call a certain person masquerading as a legitimate Twitter administrator.
"A phone phishing attack would be similar , but instead the targets are telephoned and the criminal would attempt to elicit information, in this case, probably their account credentials," Mike McLellan, senior security researcher for Secureworks, told TechRepublic.
News URL
Related news
- Russian Star Blizzard Targets WhatsApp Accounts in New Spear-Phishing Campaign (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)