Social Engineering – Case Study

The Twitter Hack

On 15th July 2020, a number of high-profile Twitter accounts were hacked. Around 130 accounts were targeted, though Twitter claims that only a small number of these were actually compromised by the cyber criminals. The hack began with Bitcoin-related accounts being created and used to post a scam intended to solicit Bitcoin. The attacker then gained access to prominent accounts, such as those of Barack Obama, Kim Kardashian and Joe Biden. From these accounts, a Bitcoin scam was posted, claiming to give back double any amount of Bitcoin sent to the link provided. Twitter reacted quickly, temporarily blocking most verified accounts from tweeting whilst they fixed the issue. It is thought that the hacker was skilled but inexperienced, and though many saw the tweets as a scam from the outset, the attackers still managed to gain over $100,000.

This attack can be seen as a form of social engineering in many ways. First, the attacker was impersonating multiple public figures. Because these are known names, people are more likely to trust them and listen to what their tweets say. Secondly, the incentive of spending money to get double back plays on emotions by making the victim feel that sending the money is very much worth their while. Similarly, most tweets created a sense of urgency, claiming that the celebrity would only be doubling Bitcoin for the next thirty minutes. Many tweets, such as that from Obama’s account, stated that the money would be helping with Covid-19 relief, again playing on emotions by making it seem that the money would be going to a good cause. The combination of tweeting from well-known accounts and using emotional tactics meant that people fell victim to the attack and were scammed out of money.