Believe it or not: Obama, Bezos, and Musk have been the faces of a Bitcoin scam

Not quite: the Twitter accounts of several high-profile influencers were accessed to facilitate a widespread social engineering attack. Not everyone is who they say they are.

Real-world example: 2020 Twitter Bitcoin Scam

In July 2020, attackers gained access to Twitter’s internal tools and compromised several high-profile accounts, including those of Elon Musk, Jeff Bezos, Barack Obama, and Apple. The attackers used these accounts to promote a cryptocurrency scam, claiming they would double any Bitcoin sent to a specific wallet address.

How social engineering was used

The attackers targeted Twitter employees with phishing attacks via phone calls, posing as IT staff. They exploited the employees’ trust by convincing them to share login credentials for internal systems.

Once inside, they accessed Twitter’s internal “admin tools,” which allowed them to reset account passwords, bypass security measures, and post directly from the compromised accounts.

The Impact

Over $100,000 worth of Bitcoin was stolen from unsuspecting users.

The breach exposed vulnerabilities in Twitter’s internal access controls and employee training regarding social engineering attacks.

Key lessons

Train employees. Regular training on recognising phishing and other social engineering tactics is critical.

Implement robust access controls. Limit employees’ access to sensitive systems.

Use multifactor authentication (MFA). Strengthen login security to reduce the impact of compromised credentials.

This incident highlights how social engineering can bypass technical defences by exploiting human trust.