Security researchers have discovered a clever new method, dubbed Doubleswitch, that attackers are currently using to take over verified Twitter accounts and rename them after famous people to spread false news.
The truth is, social media networks, when used strategically over time, are the most powerful form of marketing and market research the world has ever seen, but not everything shared on social media is true.
The new “Doubleswitch” attack is not unique to Twitter; it can also work on Facebook and Instagram. The attack renders the standard recovery mechanisms useless, allowing the attacker to keep control of the victim’s account for a longer period of time.
How does it work?
– The attacker gains access to your account through “Phishing” or other methods.
– The attacker will change your username and the associated email address.
– The attacker will create a new account with your original username, but with their email address.
– The victim will be locked out of the account, and can’t use the standard recovery processes to get it back (the automated recovery email will go to the attacker).
– The attacker will steal the victim’s identity on the platform.
How can it be mitigated?
– Users at risk should enable multi-factor authentication.
– Social media platforms should update their features and rules to prevent the Doubleswitch attack.
– Social media platforms should implement alternative ways to authenticate users, such as app-based authenticators.
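The sequence described above (email change, handle change, then a different account registering the released handle) leaves a recognizable trail in account audit logs. The following is an added example, not part of the original article or any platform's code: a detection sketch over constructed events, where the event schema, field names and the 24-hour window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed audit events; this schema is hypothetical, not any platform's real log format.
EVENTS = [
    {"ts": "2017-06-01T10:00:00", "type": "email_change", "account_id": 101},
    {"ts": "2017-06-01T10:02:00", "type": "handle_change", "account_id": 101,
     "old_handle": "NewsDesk", "new_handle": "famous_person"},
    {"ts": "2017-06-01T10:05:00", "type": "signup", "account_id": 900, "handle": "newsdesk"},
    # Benign: handle released months before someone else registered it.
    {"ts": "2017-03-01T09:00:00", "type": "handle_change", "account_id": 202,
     "old_handle": "oldname", "new_handle": "newname"},
    {"ts": "2017-06-02T09:00:00", "type": "signup", "account_id": 901, "handle": "oldname"},
]

def find_doubleswitch(events, window=timedelta(hours=24)):
    """Flag handles released by one account and re-registered by another within `window`."""
    parsed = sorted(((datetime.fromisoformat(e["ts"]), e) for e in events),
                    key=lambda pair: pair[0])
    # First pass: collect email changes so their order relative to the rename does not matter.
    email_changes = {}
    for ts, e in parsed:
        if e["type"] == "email_change":
            email_changes.setdefault(e["account_id"], []).append(ts)
    released = {}  # lowercased handle -> (releasing account, release time)
    alerts = []
    for ts, e in parsed:
        if e["type"] == "handle_change":
            released[e["old_handle"].lower()] = (e["account_id"], ts)
        elif e["type"] == "signup":
            prior = released.pop(e["handle"].lower(), None)
            if prior is None:
                continue
            owner, released_at = prior
            # Ignore self re-registration and handles released outside the window.
            if owner == e["account_id"] or ts - released_at > window:
                continue
            swapped = any(abs(c - released_at) <= window
                          for c in email_changes.get(owner, []))
            alerts.append({"handle": e["handle"].lower(), "original_account": owner,
                           "new_account": e["account_id"],
                           "email_also_changed": swapped,
                           "severity": "high" if swapped else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_doubleswitch(EVENTS):
        print(alert)
```

An alert of this kind gives the platform a point at which to hold the new registration or route recovery for the original account to manual review instead of the automated email.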