Account hijacking on social media has increased by 1000% in the last 12 months

Account hijacking on social media has increased by 1000% in the last 12 months

The hijacking of social media accounts has reached epidemic proportions in the past 12 months, according to the Identity Theft Resource Center.

The nonprofit organization that provides assistance to victims of identity theft revealed in its 2022 Consumer Impact Report that social media adoption has increased by 1,000% over the period.

In a survey of consumers, the ITRC found that 85% had their Instagram accounts compromised, while 25% had their Facebook account hijacked.

The report also found that 70% of account hijack victims were permanently banned from their social media accounts, and 71% had friends contacted by the hackers who compromised the account.

It may be easy to dismiss this type of identity crime as a mere inconvenience, the report noted, but it can have a profound financial and emotional impact on people.

For example, 27% of account hijacking victims told the ITRC that they had lost sales revenue when they lost control of their social media.

“For some people, where social media is a communication platform for family and friends, losing access can range from annoying to heartbreaking,” said Mike Parkin, senior technical engineer at Vulcan Cyber, a SaaS provider of enterprise cyber remediation, in Tel Aviv, Israel.

“For others, where they make money on Instagram, YouTube or TikTok, losing their account could mean a significant blow to their income,” he told TechNewsWorld.

Abusing trust

One of the biggest advantages to any type of phishing attack is having a “trusted” communication channel, observed John Bambenek, a senior threat hunter at Netenrich, an IT and digital security operations firm based in San Jose, California.

See also  Comment augmenter la sécurité de votre mobile contre les attaques de piratage

“If I get a phishing email from Citibank, I know I can ignore it because I don’t bank there,” he told TechNewsWorld. “If you use a social media account to attack your victim’s contacts, they are already conditioned to accept your message as valid.”

“We tend to trust people we’re close to when they message us on social media,” added Paul Bischoff, a privacy attorney at Comparitech, a website for reviews, advice and information for consumer security products.

“If I get a message from my mother, I’m going to trust it implicitly,” he told TechNewsWorld. “If someone takes over her social media account, it wouldn’t be difficult for them to trick me into sending them money, my social security number or my account password.”

“By abusing this type of trusted relationship,” he said, “account takeovers can spread and be difficult for victims to detect compared to, say, a phishing email.”

Popularity breeds hackers

An account owner isn’t the only victim of an account hijack, noted Matt Polak, CEO and founder of Picnic Corporation, a social engineering protection company, in Washington, DC

“By impersonating the actual owner of the account, a bad actor can make posts or send private messages that trick contacts into doing something they wouldn’t otherwise do, such as clicking on a malicious link, handing over credit card information or their credentials – which could lead to further account compromise – or depositing money into the attacker’s account,” he told TechNewsWorld.

“So the takeover of social media accounts can be harmful not only to the person whose identity is being impersonated, but also to those targeted by the criminal using the account,” he added.

Social media’s popularity has made it a target for cyber predators, said Roger Grimes, a data-driven defense evangelist with KnowBe4, a provider of security awareness training, in Clearwater, Florida. “Whatever gets popular gets hacked,” he told TechNewsWorld. “That has been true since the dawn of computers and is just as true today.”

See also  Matter Labs, the company behind zkSync, raises $200 million to scale Ethereum

“That’s why it’s critical that we create a personal and organizational culture of healthy skepticism, where everyone is taught how to recognize the signs of a social engineering attack no matter how it comes – be it email, web, social media, SMS messages, or phone call — and whoever it appears to be sent by,” he said.

Robust authentication is required

Some of the blame for account hijacking can be placed on social media operators, maintained Matt Chiodi, chief trust officer at Cerby, maker of a platform for managing Shadow IT, in San Francisco.

“None of the prominent social media platforms offer robust authentication options to their billions of users,” he told TechNewsWorld. “This is unacceptable for tools that are so widely used by consumers and critical to business and democracy.”

“These ‘unmanageable applications’ do not support security standards, such as single sign-on or automatic user creation and removal through a standard known as SCIM,” he said. “These two standards are the bread and butter of what keeps many companies’ crown jewel applications secure. But neither is supported, which is the main reason criminals go after social accounts.”

The ITRC also reported a slight decrease in the number of repeat victims of identity theft. In 2022, 26% of victims surveyed said they had been a victim before, compared to 29% in 2021.

Awareness may be one reason for this decline, said Carmit Yadin, founder and CEO of DeviceTotal, maker of a risk management platform for agentless devices, in Tel Aviv, Israel.

“When someone gets hacked, they take it seriously,” she told TechNewsWorld. “He wants to learn and know what not to do next.”

See also  La surveillance est continue même si personne ne vous recherche

“Before he was hacked,” she continued, “he may have heard about these attacks but was unaware of their consequences.”

Harder to find targets?

Another possible reason for the decline was offered by Angel Grant, vice president of security at F5, a multi-cloud application services and security company, in Seattle. “Victims of identity theft often falsely feel shame and embarrassment that they have done something wrong,” he told TechNewsWorld. “Because of that, they often don’t report when they’re affected.”

The decline could also be a sign that identity thieves may find it harder to find easy targets and harder to get new ones, suggested Ray Steen, CSO of MainSpring, an IT managed services provider, in Frederick, Md.

“After falling victim to one identity attack, victims often clean up their digital footprint and adopt better security practices,” he told TechNewsWorld.

“In this light, a 3% drop in casualties is not as encouraging as it might first appear,” he said. “I hope for greater improvements.”

“Unfortunately,” he added, “cyber actors take at least one step forward for every step their victims take toward better security, and they are constantly developing new attack methods.”

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *