Social Engineering: A Plague on Crypto and Twitter, Unlikely to Stop

Published by Coindesk

These so-called social engineering attacks are growing in sophistication, and while the Twitter case is being prosecuted vigorously, the broader problem is unlikely to end soon, security experts said.

The attackers could have sown much chaos considering they controlled the megaphones of a presidential candidate and several CEOs. The social media platform was compromised in mid-July after a successful "social engineering" attack targeting its employees, Twitter initially concluded.

"Social engineering is the concept of essentially tricking people into doing something they shouldn't," said Yonathan Klijnsma, a threat researcher at the cybersecurity company RiskIQ. "It can be as simple as falling for a phishing attack or, in more elaborate cases, where individuals are social engineered in real life or over the phone to perform actions they normally wouldn't do."

For years they've been a popular target of a subset of social engineering attacks known as SIM swaps.

This allows the attacker to use or bypass the victim's two-factor authentication tools to access crypto wallets or social media profiles.

Nixon said she has seen evidence the Twitter attackers used tactics similar to ones that originated in the SIM swap community, which she has studied for years.

"These people cut their teeth attacking telecommunications and are now attacking other companies, and they're extremely effective," she said.

Haseeb Awan, CEO of Efani, a company that offers secure SIM cards to consumers, estimated around 1,000 people fall victim to SIM swap attacks every day, although "a lot of victims don't come forward."

In his view, many companies have moved away from these basic practices, allowing attacks like SIM swaps and other forms of social engineering to flourish.

Larger businesses such as Equifax or Twitter may also not be motivated to limit their potential for falling victim to these types of attacks, both Aloor and Nixon said.
