American cybersecurity firm Mandiant, a subsidiary of Google Cloud, experienced a security breach on its social media account that lasted more than six hours. The unknown attacker gained control of Mandiant’s account and posed as the Phantom crypto wallet, promoting a fraudulent website offering free $PHNTM tokens in a fake airdrop. Users who clicked the ‘Claim Airdrop’ button were redirected to a legitimate site, where they were prompted to install the Phantom wallet.
Once installed, the wallet attempted to automatically drain the targets’ cryptocurrency wallets. Mandiant regained control of its account, but the incident underscores the persistent threat of social engineering and phishing attacks.
After compromising Mandiant’s account, the attacker renamed it to @phantomsolw and retweeted posts from the official Phantom account to add legitimacy to the scam. The imposter deleted the scam tweet and began taunting Mandiant, suggesting a password change and advising them to check bookmarks upon regaining account access.
The incident not only targeted unsuspecting users with a cryptocurrency scam but also aimed to tarnish Mandiant’s reputation. The swift response from Mandiant and the warning issued by Phantom Wallet illustrate the importance of vigilance in the face of social media-based attacks.
This security breach highlights the broader challenge of securing social media accounts, even for reputable cybersecurity firms. The attacker’s ability to manipulate Mandiant’s account to promote a fraudulent crypto scheme underscores the need for enhanced security measures, including two-factor authentication and employee training to recognize and thwart social engineering attempts.