The big news of the week was a social engineering hack of Twitter. The hackers were able to send out fake tweets from famous accounts in order to scam hapless victims.

While it’s not clear yet exactly what happened, from the little we know the hackers conned Twitter employees into giving access to some internal tools. These tools allowed the hackers to post tweets directly from any account they wanted. Most likely they posed as co-workers at Twitter.

This type of security breach underscores a sometimes overlooked problem in securing your data and networks. We’re used to changing our passwords, Multi-factor authentication, security questions, etc. However, everyone should be aware of direct personal contact from someone asking for sensitive information. We’re used to screening these “phishing” attempts out of our email, phone, and text messages, but would you (or your employees) be able to catch a seemingly benign request from a “co-worker”?

In an era where workers are increasingly virtual and do not meet most of their co-workers, it’s easy to see how someone could craft a careful attack to gain unauthorized access or sensitive information. Remind your employees to be careful about company data, even when requested from someone that seems legit.