The Associated Press Twitter account was hacked on Tuesday when a fake tweet reported a bogus explosion at the White House. Investors were watching and the Dow fell about about one percent before the tweet was retracted. AP’s Twitter account is now suspended.
Some experts believe the Twitter attack started with a tainted email sent to an unsuspecting AP employee. The strategy is called spearfishing. According to the media blog Romenesko, who was forwarded the phishing email, here is how it read:
Sent: Tue 4/23/2013 12:12 PM
From: [An AP staffer]
Subject: NewsHello,
Please read the following article, it’s very important :
[link to fake Washington Post article]
[A different AP staffer]
Associated Press
San Diego
mobile [removed]
To protect yourself, users are urged to be alert for suspicious email. But Anup Ghosh, founder of a cybersecurity firm Invincea, says that’s not enough.
“Asking users to distinguish between what’s a legitamate email [and] what’s a spearfish, no longer works,” Ghosh says. “We actually just need better technology to protect our networks from users who click on links, and open attachments.”
Two weeks ago, Bloomberg said it is adding Twitter feeds to its popular financial data screens — and traders may need to tread carefully. To stem the rash of recent high profile hacking incidents, Twitter is reportedly working on additional security protections.
Correction: The original article misspelled the name of cybersecurity firm Invincea. The text has been corrected.