Zero Day

Ryan Naraine and Dancho Danchev

Bank of Melbourne Twitter account hacked, spreading phishing links

By Dancho Danchev | September 19, 2011, 8:42am PDT

Summary: The Twitter account of Bank of Melbourne was compromised last Wednesday, and was used to spread phishing links as direct messages to the account followers.

The Twitter account of Bank of Melbourne was compromised last Wednesday, and was used to spread phishing links as direct messages to the account followers, according to reports coming in from affected users.

In a tweet, the bank said that:

ATTN: Unauthorised DMs sent bw 4-5pm today, do not click link. No customer/personal data compromised. Apologies for the inconvenience. ^TT

Followed by another one, once the incident was resolved:

Thanks for all your support. We take security very seriously & will be strengthening our policies to further protect our social channels ^TT

It’s worth discussing how Bank of Melbourne got its social channel hacked in the first place, and what made it so easy for the attacker to obtain the login credentials for the bank’s Twitter account.

For starters, brute forcing the password of the Twitter account would have been highly impractical, even though the CAPTCHA-solving step could have been outsourced to vendors offering CAPTCHA-solving services that assist in brute forcing attacks.

Judging by the fact that the attackers didn’t just spread a prank or hacktivist message using the stolen credentials, it is highly likely that the attacker has a relatively advanced understanding of how the cybercrime ecosystem works. By spamvertising the phishing link through direct messages, an evasive element of the campaign, the attacker is attempting to take advantage of the trust that followers place in a direct message coming from an account they chose to follow.

Was Bank of Melbourne the victim of a phishing attack, or is there a chance that a malware-infected host within its network was data mined for stolen Twitter credentials?

What do you think?


Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter

Talkback

  • RE: Bank of Melbourne Twitter account hacked, spreading phishing links
    "No customer/personal data compromised..."

    How, exactly, would they know this? If the hijacker sent out links, I don't see BofM being able to track whether any of their customers clicked through...

    As an admin for a bank that doesn't leverage social media for this reason (and others)... I'd be curious to know the "steps taken" to further strengthen their policies.

    Sole-use PC in a DMZ for social? Read-only VM? I'm doubting it. Makes me wonder what other credentials were given up as well (of course, if that's the case, why would they show their hand by hacking a Twitter account?)
    UrNotPayingAttention
    20th Sep
  • RE: Bank of Melbourne Twitter account hacked, spreading phishing links
    This is awful! Is the web safe anymore?
    You guys need to do an article on what kind of security we need for our PCs. I'm an average girl and work hard for my money. I don't want to get hacked. Where do I find the Best Antivirus 2012? Is that site good? Or should I get free AV protection?
    reviewsgirl
    20th Sep
  • RE: Bank of Melbourne Twitter account hacked, spreading phishing links
    Hi Dancho,

    I would say a phishing attack would seem the most likely way that the hackers obtained the Twitter credentials and could also explain why the bank knows that no customer/personal data was compromised.

    Lately there have been reports of false Twitter notifications. By clicking on the links in these emails you could be infected with a virus, or perhaps you might be asked to enter your Twitter credentials. Unwittingly, you are not logging in to Twitter but instead providing your Twitter password to phishers. Best security practice: only respond to direct messages and check out new followers by going to the Twitter website.

    Deborah Galea, contributor to Email Security Blog: http://blog.policypatrol.com.
    redearthsoftware
    29th Sep
