A hell of a lot of people were pretty surprised to see a tweet recently from politician and Black Lives Matter activist, DeRay Mckesson, endorsing Donald Trump.
The situation did however explain itself when it turned out he’d actually been hacked – but this was no normal hack.
I was hacked today: my Twitter account, two email addresses, & my phone. It was not due to passwords, they hacked my phone account itself.
— deray mckesson (@deray) June 10, 2016
The hack used a technique known as ‘social engineering’, which manipulates people to gain their trust so they’ll divulge personal information, reports Tech Mic.
They simply needed the last four digits of my social security number to gain full access to my @verizon account. https://t.co/EHTJhkTQE3
— deray mckesson (@deray) June 10, 2016
By calling @verizon and successfully changing my phone's SIM, the hacker bypassed two-factor verification which I have on all accounts.
— deray mckesson (@deray) June 10, 2016
So, it works something like this – millions of people’s social security information has been leaked online and hackers can access this data.
They can then impersonate you while on the phone with, for example, a customer service representative, gaining access to all manner of personal accounts.
In Mckesson’s case, the hacker managed to access his phone’s SIM – redirecting ID confirmation texts from Twitter to a different phone – thus giving them free rein over his social media account.
This video, produced by Fusion, shows the technique in action:
However, social engineering isn’t new. In fact, it’s been a common technique for decades.
But a recent surge in socially engineered hacks does mean service providers like Verizon and AT&T are strengthening their defences.
That’s obviously great, but it probably means the next time you’re looking for a favour from customer support, they’re going to be a lot harder to convince…