As more research and investigation are conducted into the latest hack of high-profile individuals on Twitter - including luminaries such as Bill Gates, Elon Musk, Joe Biden and Barack Obama - there are some lessons that all organisations should learn.
In this case, the attackers only posted obviously fake demands for Bitcoin. However, this type of attack taps into the same psychological traits exploited by CEO fraud: someone respected, with some level of power and influence, is demanding, requesting or suggesting a particular course of action. In many cases people will comply simply because of who is being impersonated.
As with most scams, the economics of cyber crime mean that even if only a tiny fraction of those seeing the message fall victim, the cyber criminal has made money and achieved their objectives.
There are several simple controls that can be put in place to protect against the damage that malicious actors might inflict once they gain access to social media accounts.
The three simplest controls you can put in place to help combat this are:
1) Limit access to official social media accounts. Pretty obvious, but often not well managed.
2) Implement Multi-Factor Authentication. The best method of MFA is a mobile app, so that the second factor is communicated through a different channel or platform from the login itself.
3) Continuously monitor the social media output of high-profile individuals within your organisation. At the first sign of anything unusual, have a defined process in place to check the validity and authorisation of posts and messages.
Security researchers have said the attackers could have done considerably more damage with their access than just sending out obviously fake Bitcoin scam tweets.