Social Media Account Hijacking Jumps 1,000% in Last 12 Months: Report
Hijacking of social media accounts has reached epidemic proportions in the last 12 months, according to the Identity Theft Resource Center.
The report found that 70% of the victims of account hijacking were permanently locked out of their social media accounts and 71% had friends contacted by the hackers that compromised the account.
It may be easy to dismiss this type of identity crime as a mere inconvenience, the report noted, but it can have a profound financial and emotional impact on people.
For example, 27% of account hijacking victims told the ITRC they’d lost sales revenue when they lost control of their social media.
One of the biggest assets for any kind of phishing attack is having a “trusted” channel of communication.
If I get a phishing email from Citibank, I know I can ignore it because I don’t bank there, if you are using a social media account to attack the contacts of your victim, they are already preconditioned to accept your message as valid.
We tend to trust people we’re close to when they message us on social media.
If I get a message from my mother, I’m going to implicitly trust it If someone takes over her social media account, it wouldn’t be hard for them to trick me into sending them money, my Social Security number, or my account password.
By abusing this sort of trusted relationship, account takeovers can spread and be difficult for victims to detect when compared to, for example, a phishing email.
Popularity Breeds Hackers
By impersonating the actual owner of the account, a bad actor can create posts or send private messages that fool contacts into doing something they would not otherwise do, such as clicking on a malicious link, handing over credit card information or their credentials — which can lead to further account compromise — or depositing money into the attacker’s account.
That is why it is crucial that we create a personal and organizational culture of healthy skepticism, where everyone is taught how to recognize the signs of a social engineering attack no matter how it arrives — be it email, web, social media, SMS message, or phone call — and no matter who it appears to be sent by. Always check your source to keep you protected.