Police in Essex, UK, have had a rough day of it after mischievous hackers broke into their Twitter account – and broadcast bogus security tips.
The dodgy tweet, recommending people use insecure HTTP rather than encrypted HTTPS for online shopping and banking, has since been removed. El Reg readers will know it's HTTPS or bust when buying stuff online or checking your balance.
"Elaborate prank? Peculiar stealth recruitment test? I've no idea. It's possible that the original redirect URL pointed to other sites which may well have been malicious and has since been aimed at the GCHQ link for a bit of a giggle," said Christopher Boyd, malware intelligence analyst at Malwarebytes.
Thankfully very few people appear to have taken the bait: according to Google analytics about 450 people followed the URL at time of writing.
Essex's finest have apologized, and are reviewing their security procedures. ®
We apologise for previous tweet re #CyberAware; it was malicious & has been deleted - please do not click on the link that was in the tweet.— Essex Police (@EssexPoliceUK) October 23, 2015