A report from the New York Department of Financial Services covering the high-profile Twitter account hack from earlier in the year reveals how little time an attack takes to be successful.

I wrote recently about a large number of high-profile twitter accounts being hacked all to promote a fake bitcoin doubling scam. Accounts that were hacked included Apple, Elon Musk and Joe Biden.

A new report on the attack from the New York State Department of Financial Services provides startling details on who carried out the attack and how little effort it really took. According to the report, the three perpetrators were two teenagers from the U.S. and a 22-year old from the U.K. The scam began with vishing Twitter employees by pretending to be members of Twitter’s internal IT calling about an issue with VPN access. Once they gained control over credentials that would provide them an ability to take over Twitter accounts, they took over several high-profile accounts and began tweeting the so-called CryptoForHealth scam.

From start to finish, it only took these youngsters less than one day to use basic social engineering tactics to compromise one of the largest social media giants on the planet. It goes to show you that even organizations with evident efforts to ensure the highest levels of cybersecurity can be taken down by a single employee.

It’s why I talk about the importance of Security Awareness Training so much; it only takes one careless employee, one click, one answering of the phone, etc. to turn an organization into a victim. By educating them about the importance of paying attention to the ever-present threat of cybercriminal activity, your users build up their vigilance and are less likely to fall for scams – even one as simple as this one.