Deconstructing the Twitter Crypto Scam
WHAT happened?
• Twitter users were targeted with a crypto scam.
• 130 accounts were hacked and used to target millions of users.
• The accounts used for the scam belonged to public figures such as Elon Musk, Bill Gates, and Barack Obama.
• Company accounts such as Apple and Uber were also used.
• The scam ran for two days (15 – 16 July) before Twitter took action.
• Victims lost a total of USD 118K.
HOW did it happen?
• The scammer used a Bitcoin wallet to remain untraceable.
• The scammer used social engineering attacks on Twitter employees to gain access to internal systems and tools.
• The scammer turned Twitter’s own tools against the company to access accounts and post tweets on the account holders’ behalf.
• Multi-factor authentication was bypassed.
• Personal information of the account holders was accessed.
HOW did Twitter respond?
• Twitter support worked to investigate and mitigate the issue.
• Locked affected accounts so they could not tweet.
• Secured access to the internal systems.
• Contacted affected users individually so they could regain access.
• Provided updates about the scam to the community through a blog post.
What is the AFTERMATH?
• Twitter will have to fix gaps in the company’s security awareness program to avoid social engineering attacks in the future.
• Twitter faces huge fines under the European GDPR.
• Twitter may face huge fines from the US FTC (Federal Trade Commission).
• Twitter users who fell for the scam collectively lost USD 118K in two days.
• BitTorrent and Tron founder Justin Sun announced a USD 1 million bounty to track down the hackers.
What are the key TAKEAWAYS?
• Social engineering attacks are best prevented by improving user awareness. Companies should regularly test and review their employees’ cyber security awareness.
• A tool in the wrong hands can do harm. Learning from Twitter’s mistake, companies should restrict access to such critical business tools to a limited set of users.
• Companies like Twitter that run a public platform must understand that the platform can be used to scam users. Content moderation must be planned and implemented.
• Users should not blindly trust unvalidated content. Messages received via SMS, email and social media must be validated before acting on them.
