Bank of Melbourne Twitter Account Hacked
Last week, the Twitter account of the Bank of Melbourne was hacked and used to send direct messages containing phishing links to its followers. In a tweet, the bank said: "ATTN: Unauthorised DMs sent bw 4-5pm today, do not click link. No customer/personal data compromised. Apologies for the inconvenience."
A recently relaunched subsidiary of Westpac, the Australian bank engages heavily with its customers through its @BankofMelb Twitter account. However, the security of the account proved not to be up to scratch when hackers managed to gain access and used the account to send direct messages containing phishing links.
The hacking of corporate Twitter accounts is nothing new, and neither are phoney messages claiming to come from a bank. What makes this case rather unique - and worrying - is that the account itself is genuine, which adds significantly to the credibility of the links.
Dancho Danchev believes that this is not the act of an amateur.
"Judging by the fact that the malicious attackers didn't just spread a prank or hacktivist message using the stolen credentials, it is highly likely that the attacker has a relatively advanced understanding of how the cybercrime ecosystem works," he revealed.
However, this case should act as a wake-up call for anyone using a corporate social media account: it is all very well to have strict security policies in place within an organization, but it is also important that these policies are extended to Twitter and other social media used for corporate purposes.