A phishing expedition was launched and unsuspecting customers took the bait

Sep 20, 2011 08:35 GMT

The Twitter account belonging to Bank of Melbourne was taken over by a cybercriminal with the purpose of spreading phishing links to its followers.

Social media accounts seem to have become primary targets for many hackers, as they keep taking over official ones in an attempt to infect the computers of those who read the posts.

ZDNet questions the bank's security methods in protecting its social channels.

Bank customers first found out about the hit from a tweet posted right after the attack began.

“ATTN: Unauthorised DMs sent bw 4-5pm today, do not click link. No customer/personal data compromised. Apologies for the inconvenience. ^TT”

Dancho Danchev believes that this is not the act of an amateur.

“Judging by the fact that the malicious attackers didn’t just spread a prank or hacktivist message using the stolen credentials, it is highly likely that the attacker has a relatively advanced understanding of how the cybercrime ecosystem works,” he revealed.

I've taken a look at the bank's Twitter messages to see how they're handling the situation. Hundreds of tweets were sent to their customers to reassure them that everything has returned to normal.

“Good news, guys: Issue's all resolved & we're back to normal. Send a tweet if you need anything.”

Because most of their clients trust them, some of them unknowingly clicked the malicious links posted during the attack, so the institution advises them not to “click that link, but if you have, change your Twitter password.”

A while later the bank stated, “We've strengthened our security & no customer or personal details were compromised. Let us know if you need anything.”

This should be considered a lesson to all organizations that own such social media accounts. From what we've seen lately, it's clear that most of them are not sufficiently protected and the image of a highly respected institution can suffer greatly after such a hacking operation.