NY Post Hack Reveals Dangerous New DM Scamming Tactics

Ron Storfer
CPO & Co-founder at Spikerz
Published - May 12, 2025

Cybersecurity threats evolve at lightning speed. Just when businesses think they've caught up with hackers' latest schemes, criminals develop new methods to bypass security measures. The latest evolution? Crypto scammers are moving away from public posts to more discreet direct messages on social platforms.

The New York Post's X account hack shows this clear shift in tactics. In this post, we'll examine what happened to the NY Post, the implications for businesses, and nine actionable steps you can take to protect your X account and other social media profiles from similar attacks.

What Happened To The NY Post's X Account?

On May 3, 2025, hackers infiltrated the New York Post's official X account, but with a twist that marks a dangerous evolution in social media scams. Instead of posting public cryptocurrency scams as seen in previous high-profile breaches, the attackers used a more targeted approach.

Several users from the cryptocurrency community reported receiving private messages from the compromised NY Post account. These messages invited recipients to participate in a podcast and directed them to continue the conversation on Telegram.

The scam was first uncovered by Kerberus founder and CEO Alex Katz, who shared a screenshot of a message supposedly from author and journalist Paul Sperry sent through the NY Post's official account.

What makes this attack particularly concerning is its departure from typical social media hacks. Unlike the recent Samsung and NBA breaches where hackers publicly posted cryptocurrency scams, these attackers operated quietly through direct messages before directing targets to Telegram.

Once users agreed to participate in the fake podcast, scammers would provide a physical address, presumably setting up victims for real-world theft or harm. This approach combines digital and physical threats, representing a dangerous evolution in social engineering tactics.

How To Protect Your X Account From Hackers

Unfortunately, X accounts remain prime targets for hackers. Major brands, celebrities, and businesses face constant threats, making robust cybersecurity essential. While no security measure is completely foolproof, there are effective steps you can take to significantly reduce your risk of compromise.

Here's how to secure your X account and protect your business from similar threats:

1) Create A Social Media Policy

A social media policy serves as your organization's roadmap for online behavior. This document outlines clear guidelines for how your company and employees should conduct themselves on social platforms, covering both professional and personal activities.

Your policy should apply to everyone in your organization—from interns to executives—and address both official brand channels and personal accounts when they mention your company. This approach ensures consistent messaging and security practices across all touchpoints.

Moreover, organizations need a social media policy for several critical reasons. First, it protects your brand reputation by preventing negative attention and employee missteps that could damage your image. A single ill-considered post can quickly escalate and erode customer trust that took years to build.

Second, with social media platforms becoming increasingly vulnerable to cyber threats, a well-defined policy helps mitigate security risks. Including guidelines on password strength, suspicious message handling, and account access helps protect your company and employees from hacking, phishing, and fraudulent accounts.

Finally, your social media policy should clearly define account ownership—specifying who owns and bears responsibility for your company's social media accounts, content, and followers to prevent disputes or confusion during personnel changes.

2) Create A Rapid Response Team (RTT)

A Rapid Response Team (RTT) is a dedicated group within your organization tasked with managing and responding to various types of incidents. In cybersecurity contexts, this team—sometimes called a Computer Security Incident Response Team (CSIRT)—quickly identifies, contains, mitigates, and recovers from security threats or data breaches that could compromise your digital assets.

With that said, the RTT concept extends beyond cybersecurity to handle a range of incidents, including social media crises, public relations emergencies, and other business disruptions requiring immediate, coordinated action.

For social media specifically, an RTT serves as a crucial element for predicting, planning for, and effectively responding to events that could threaten your organization's online reputation or operational stability.

3) Regularly Train Your Team On Cybersecurity

Social media threats constantly evolve, requiring organizations to continuously evaluate and adjust their security measures to stay ahead of malicious actors.

Many employees, even digital natives, lack understanding of the unique security risks associated with using social media for business. This awareness gap makes regular, targeted training essential, empowering your team to make informed security decisions in their daily online interactions.

A robust social media security training program significantly improves your organization's overall security posture by strengthening your "human firewall"—the collective awareness and vigilance of your employees.

When you equip your team with the knowledge to recognize and avoid potential threats, you substantially reduce the risk of human error, often identified as the weakest link in the cybersecurity chain.

4) Use Strong, Complex Passwords

Passwords act as primary gatekeepers for your online accounts. Strong, complex passwords are vital for protecting these accounts from unauthorized access.

The more intricate and unpredictable your password, the harder it becomes for attackers to guess or crack it through brute-force attacks, in which automated systems try countless character combinations to gain entry.

Using strong, unique passwords significantly reduces the risk of credential stuffing attacks—a common tactic where cybercriminals use stolen credentials from one breach to access other accounts.

And most importantly, never reuse passwords across multiple platforms. Password recycling dramatically increases your risk of widespread unauthorized access if just one password gets compromised in a data breach.

To create secure passwords that effectively protect against these threats, follow these best practices:

  • Make passwords at least 14-20 characters long—longer passwords take exponentially more time to crack.
  • Incorporate complexity with a mix of uppercase and lowercase letters, numbers, and special symbols.
  • Prioritize unpredictability by avoiding easily guessable information like birthdays, names, common dictionary words, or personal details.
  • Create passwords that are as random as possible, avoiding discernible patterns or sequences that attackers could exploit.
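
A checker and generator for the four practices listed above, as an added example that is not part of the original post. The `personal_terms` argument, the symbol set and the four-character run threshold are assumptions made for illustration; a dictionary-word check, which needs a wordlist, is left out.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; adjust to what the platform accepts
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)

def has_sequence(pw, run=4):
    """True if pw has `run` repeated, ascending or descending characters in a row."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def check_password(pw, personal_terms=(), min_len=14):
    """Return the list of violated rules; an empty list means every check passed."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing character class")
    lowered = pw.lower()
    if any(t.lower() in lowered for t in personal_terms if len(t) >= 3):
        problems.append("contains personal term")
    if has_sequence(pw):
        problems.append("contains sequence or repeat")
    return problems

def generate_password(length=20):
    """Draw from the OS CSPRNG (secrets) until the result passes every check."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw

def entropy_bits(length):
    """Upper bound on entropy of a uniformly random password over ALPHABET."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    # Constructed sample: company name plus a digit run, the pattern the list warns about.
    print(check_password("AcmeCorp1234!Acme", personal_terms=("acme",)))
    print(generate_password(), round(entropy_bits(20), 1), "bits")
```

Store the generated value in a password manager rather than memorizing it, and generate a separate one per platform.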

5) Enable Two-Factor Authentication For Teams

Organizations should mandate two-factor authentication (2FA) for their teams to significantly improve the security of their online accounts, including X profiles.

Two-Factor Authentication demands two different identity verification methods, creating a strong protective barrier that significantly increases the difficulty of unauthorized access, even when passwords become compromised.

Implementing 2FA effectively strengthens your defenses against common cyber threats like phishing attacks targeting login credentials, keylogging software that records keystrokes, and brute-force attacks attempting to crack passwords through sheer volume. In fact, according to Microsoft, enabling multi-factor authentication can prevent a staggering 99.9% of attacks targeting online accounts.

That said, while traditional 2FA focuses on securing individual accounts using methods tied to personal devices (like SMS codes or authenticator apps), team-based 2FA addresses the unique challenges social media managers have. Standard 2FA methods become cumbersome when multiple team members need access to a single social media account, as sharing personal codes or constantly switching authentication methods creates inefficiency and security risks.

To address these team-specific challenges, solutions like Spikerz have developed specialized 2FA systems designed specifically with collaborative social media management in mind.

For example, Spikerz offers several capabilities that make it particularly well-suited for teams: 

  • Centralized Access Management: Spikerz integrates with your social media accounts, ensuring only authorized users can access company profiles.
  • Phishing Protection: AI-powered threat detection identifies and blocks phishing attempts before they reach team members.
  • Device-Free Authentication: Browser-based 2FA eliminates the need for specific devices, ensuring smooth workflows.
  • Simultaneous Multi-Device Access: Multiple team members can log into the same account from different devices simultaneously, enabling real-time collaboration without compromising security.

Don't wait for hackers to target your accounts. Take action now to safeguard your brand's reputation and customer trust. Start using Spikerz today and give your social media the protection it deserves.

6) Avoid Clicking Phishing Links

Social media phishing links are deceptive URLs shared across platforms like X, Facebook, Instagram, and LinkedIn, disguised as legitimate web addresses.

These malicious links spread through various channels, including direct messages, comments, and status updates on timelines and within groups.

Their primary goal is to redirect users to fake login pages designed to steal credentials. They can also lead to websites programmed to automatically download malware onto your device or collect sensitive personal information for nefarious purposes.

Everyone should be careful and avoid clicking social media phishing links. When in doubt, contact the supposed sender through official channels to verify legitimacy before clicking any suspicious links.

7) Only Use Company Approved Channels For Communication

Organizations should enforce strict policies requiring only company-approved channels for all internal communication. Using secure, company-sanctioned communication methods—such as encrypted messaging systems, Virtual Private Networks (VPNs), and secure email services—provides vital protection against cybersecurity threats like phishing attacks, malware spread, and man-in-the-middle attacks that could compromise sensitive data.

8) Use Antivirus Software

Organizations must deploy and maintain up-to-date antivirus software on all company computers to protect against keyloggers and other malware designed to steal sensitive information from local hardware.

9) Use Social Media Security Tools

Social media security tools are software and applications designed to protect individuals and organizations from threats and risks associated with using social media platforms. These tools aim to ensure the safety of user accounts, data, brand reputation, and overall online presence.

These tools provide a range of features to detect, respond to, and prevent security threats, ultimately helping individuals and organizations maintain a safe and secure online presence.

There are many different types of security tools available and each one falls under a different category. For example, there are tools for brand monitoring, social media management, privacy management, anti-malware software, password management, and more.

One example of a social media security tool is Spikerz. Spikerz is an all-in-one social media security and protection platform designed for businesses and individuals who want to safeguard their online presence. It provides multiple security features, including 24/7 monitoring for hacking attempts, bot attacks, and spam, while protecting against shadowbanning and impersonators.

Spikerz also offers backup services to ensure businesses can recover their social media accounts after security incidents. Additionally, Spikerz provides a free chatbot solution for account recovery, helping businesses regain access to their social media accounts without additional fees.

Spikerz's main goal is to provide peace of mind to businesses and individuals using social media, knowing their accounts are protected by a robust, reliable security system.

Are you already using a social media security solution to protect your social media presence?

Your accounts are too valuable to leave unprotected. Don't wait until after a breach to take security seriously. Protect your brand's digital presence now with Spikerz—because prevention costs far less than recovery.

Conclusion

The NY Post hack demonstrates how social media threats continue to evolve in sophistication. Moving from public crypto scams to personalized direct messages represents a dangerous new frontier in social engineering attacks.

Protecting your X account—and all your social media profiles—requires a multi-layered security approach. From creating comprehensive social media policies and establishing rapid response teams to implementing strong passwords, team-based 2FA, and specialized security tools like Spikerz, each measure adds another barrier between your accounts and potential attackers.

Remember that your social media accounts represent valuable business assets worth protecting. Implementing the security measures outlined in this guide won't just prevent unauthorized access—it will safeguard your brand reputation, customer trust, and bottom line from increasingly sophisticated threats.