A police force in England was left red-faced on Friday after its Twitter account was hacked and used to post misleading cybersecurity advice.
Essex police has since removed the offending tweet, which claimed: “if you shop & bank online—make sure the site’s URL has ‘http://’ to protect your data.”
HTTP is an insecure protocol which will certainly not make online shopping or banking more secure.
As security blogger Graham Cluley wrote in a post on the incident, HTTPS is the more secure of the two, although even that is not a foolproof way to avoid scams.
“What you actually want to look for is HTTPS, which encrypts communications between your web browser and the website you’re trying to access. Hopefully you have noticed the little green padlock in your URL bar when you access sites that need to secure your information, such as your online bank or webmail accounts,” he explained.
“But there’s still nothing to stop bad guys from creating websites that use HTTPS—so don’t be fooled into believing that it is *proof* that a site is safe to log into.”
To make matters worse for the police force, the link posted alongside this bogus security message is said to have taken users to a site hosting an “offensive” picture.
In any case, the police force soon removed the offending tweet and implied that its account had been cracked or hacked by a malicious outsider.
It tweeted the following message:
“We apologise for previous tweet re #CyberAware; it was malicious & has been deleted - please do not click on the link that was in the tweet.”
Cluley argued that organizations of all sizes need to take the security of their social media accounts more seriously.
“Maybe they would be wise to enable Twitter’s two-factor authentication (known as Login Verification) to protect their account as well,” he added.
The past few days have shown that law enforcers are becoming a popular target for cyber mischief makers.
Last week, Lancashire Constabulary was forced to issue a warning to internet users after reports emerged of a spam phishing email purporting to come from the force.