Social Engineering. Any protocols in place to prevent it?

  • Posted January 29, 2014

After just recently reading an article about a recent social engineering attack on a Twitter user involving GoDaddy and PayPal, I was curious to find out what protocols DigitalOcean has in place to prevent these attacks. It’s pretty concerning since OTP was enabled and someone still managed to gain control of his GoDaddy and Twitter account.

It’s a pretty interesting read:



Can’t find the edit button - no idea what happened to last sentence of para 1, but it should finish “if he’d have enabled two factor authentication, it couldn’t have happened”.

Yes. Common sense and two-factor authentication! I think that’s what you meant by OTP (One Time Password)? But the author said he only had it on for his PayPal account. He said the attack vector started through Facebook, they changed his Gmail account, and hacked his Twitter. If he’d have have

PLEASE let this be a lesson for everyone - ENABLE TWO FACTOR AUTHENTICATION EVERYWHERE YOU CAN! My DigitalOcean account has it, my Cloudflare account (which handles the MX records) has it, my Facebook, Twitter and Gmail accounts all have it. Yes, it’s one more thing to do when logging in, but it makes you virtually hackproof.

The user in that post wasn’t hacked because of any system failure or missing protocols; he was hacked because he didn’t use the 2FA (call it OTP, TSA, two-step-authentication or whatever) that is provided for all of the services he uses, including GoDaddy.