2 min read

Official British Army Twitter and YouTube accounts hijacked by NFT scammers

Graham CLULEY

July 04, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Official British Army Twitter and YouTube accounts hijacked by NFT scammers

Hundreds of thousands of people who follow the official social media accounts of the British Army may have been surprised to see that it had been hijacked by hackers yesterday.

Although many might have imagined those responsible for the hack might have been a foreign state's cyberwarfare unit, the perpetrators appear to have been scammers exploiting interest in non-fungible tokens (NFTs).

The British Army's verified Twitter account was flooded with promotions related to giveaways and competitions related to NFTs, aimed at enticing its 362,000 followers to visit a scam minting website.

Unwary followers were told that they could win hyped-up NFT digital artworks of cartoon robots and robots in a raffle.  At the same time the profile pictures and account details were changed to promote the NFT promotion.

Meanwhile, the army's YouTube channel, with some 178,000 subscribers, was rebranded to resemble that of investment management firm ARK Invest, and published faked videos of Elon Musk promoting "double your money" cryptocurrency scams.

A spokesperson for the British Army confirmed on Twitter that they were back in control of their social media accounts, and that the security breach was being investigated:

"The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway.  The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further."

Although an explanation for the social media security breach has not been shared publicly, likely possibilities include that someone in the British Army's social media team has been careless with their password and/or that multi-factor authentication was not in place to make it harder for unauthorised users to gain access.

In the past there have been many incidents of, say, Twitter accounts being hijacked by mischief-makers and scammers after passwords were either guessed or phished.  In many cases, organisations and individuals have made the mistake of reusing passwords they use elsewhere on the internet, choosing weak or easy-to-guess passwords, or carelessly sharing them online.

It's also sadly still common for social media users to have not enabled two-factor authentication on their accounts, which can make it much more difficult for hackers to gain access even if they do manage to determine an account's password.  Instructions for how to enable 2FA on Twitter and YouTube accounts are, one hopes, now being shared within the British Army to anyone who hasn't yet enabled these and similar security features.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Matrix Releases Updates to Patch Critical End-to-end Encryption Vulnerabilities Matrix Releases Updates to Patch Critical End-to-end Encryption Vulnerabilities
Vlad CONSTANTINESCU

September 30, 2022

2 min read
US Taxpayers Urged to Stay Vigilant as Major IRS-Themed Smishing Campaign Unfolds US Taxpayers Urged to Stay Vigilant as Major IRS-Themed Smishing Campaign Unfolds
Filip TRUȚĂ

September 29, 2022

1 min read
Auth0 Discloses Security Incident, Says Source Code Repos Were Likely Stolen Auth0 Discloses Security Incident, Says Source Code Repos Were Likely Stolen
Vlad CONSTANTINESCU

September 29, 2022

1 min read