Does Gaga attack signal a change in tactics for social media scammers?

Clearly, the simplest way to do this is to guess the password used for these accounts. With many people using one login point for a number of social media platforms, it’s possible that finding one right password could have given someone easy access to Gaga’s Facebook and Twitter feeds. However, we’d like to think that – especially given this summer’s furore over the Fox News Twitter feed claiming Barack Oabama had died – those running high-profile accounts at least follow some basic rules in password security.

So what other possibilities are there? It may be that, as awareness of social media security increases, this attack signals a change in tactics by cybercriminals to continue exploiting the medium. The person running Gaga’s account could have been the victim of a spear phishing attack. This technique has been used in more serious attacks, such as the one involving Mitsubishi back in September, so it’s reasonable to expect the same tactics being applied here, too.

As in the Mitsubishi attack, the email may be designed to trick the recipient into installing malware such as a zbot Trojan, which can then automatically steal details such as passwords. This could be through carefully crafted personal information – appropriately gained from social media sources the recipient has an account with – which can be used as the “trigger” to convince them into opening a malicious attachment containing the payload.

Without more details on this specific attack, we can’t say for sure what tactics were used. However, the increasingly simplicity with which spear phishing attacks can be automated and delivered – combined with the huge potential to be gained from exploiting millions of Twitter followers or Facebook fans – makes the use of malware in these celebrity attacks a strong option.