Should social media users engage in a tug of war with hackers?
Almost half of the world’s population is active on social media. We post our lives, conduct business, shop, chat, reminisce and share stories on the myriad of platforms at our fingertips. Consequently, we place our personal information within reach of those who wish to exploit it and offer hackers a tempting target to raid. Bat El Azerad, CEO and co-founder of novoShield, discusses the ensuing tug of war.
Entry points for cybercrooks to dig into systems are numerous and the vulnerabilities exposed are striking, making this a lucrative opportunity for criminals to exploit. To combat this threat and strengthen our side of the online tug-of-war, we must be armed with the tools that prevent, protect against, and manage account takeovers.
It’s business, and it’s personal
As social media users, we risk losing hundreds of photos, conversations and information if our accounts are criminally tapped. The hacker, in turn, gets the opportunity to sell the data, blackmail the data owner, or analyze the data to inform further fraud. In terms of account takeovers, Instagram users were the worst hit in 2021, with 84% of hacked victims reporting the hijacking of Instagram accounts, while in the same year information from over 500 million Facebook users was posted in a shadowy internet forum. As recently as October this year, security flaws in some apps forced Facebook to warn users that one million user accounts were subject to hijacking.
Like all other goods, the hacked accounts are sold at consistent prices – prices on the dark web are as low as $6 for a Reddit profile and up to a very reasonable $45 for a LinkedIn account. In fact, for a mere $127, you can purchase a complete set of social media accounts for a specified user. The simple truth is that hackers do not discriminate between business accounts and personal accounts: no one is immune to attack.
Predators and prey
There are different approaches to accessing someone’s information. It can be scattergun-style, where malware is attached to links and messages, and the victim is the one who inadvertently lets the hacker in. Conversely, some companies or individuals have a bullseye on their avatars. This is often due to their net worth or their perceived willingness to pay ransom, although they can also be an attractive target because they run an influential social media account from which the hacker can later spread misinformation. Whether individuals or companies are at the top or bottom of the phishing supply chain, they must be threat-intelligent.
Many of us typically use multiple devices and are often on the go, making us prone to errors. Human error often lowers the drawbridge and allows hackers to enter our fortresses undetected. Unsurprisingly, this occurs remarkably more often on social media platforms than through other channels. Individuals behave more casually on social media and are therefore more likely to trust a hacker disguised as a friend. Famous figures are more vulnerable due to their bloated follower networks and global reach, both of which can be mobilized by an ambitious hacker. But even if one sets sights on higher-value targets (big game hunting, as it is known in hacker parlance), when it comes down to it, the hacker will strike when a weakness is apparent.
According to one study, nearly half (49%) of social media account takeover victims clicked on a link in an instant message from a friend before losing access to their social media accounts. The same study found that 3% of victims lost control of their accounts after submitting login details via fake sites. By clicking on an infected link, software such as a “key logger” can be installed on users’ computers. This common but effective entry method tracks keystrokes and generates a pattern file, allowing hackers to replicate passwords.
Alarmingly, 66% of victims said that after takeovers the hackers continued to post on their profiles, and 69% revealed that the hackers had also approached their friends. In addition, hackers often press account owners for ransom in return for control of their accounts. 22% of victims confirmed that this has happened to them.
A common defense
Statistics show that 96% of baby boomers do not trust social media platforms to protect their data. Gen X and Gen Z are similar – 94% and 93% respectively. And rightly so, because the reality is that social media companies are not doing enough to protect users. Prevention is the first line of defense: limit sensitive information in our public profiles, as this can be scraped by intelligent software and sold to malicious actors. We should also be more careful about which profiles we let into our friends or contact circles. A simple rule is to reject them if you don’t know them. We should be wary of incongruous links sent from friends’ accounts. If something about a page feels off, just avoid it. In short, we should be more methodical and careful when navigating social media, as there are traps everywhere.
What if, despite your diligence, you suspect your account has been sabotaged? Regardless of the slowness shown by social media companies in retrieving a stolen account, it is still important to immediately flag evidence of wrongdoing with the social media company. At the same time, control the damage by resetting your password and other security details, as well as warning people you know about the hack – this will limit ongoing threats to your wider circles. Similarly, you can contact your bank to check for identity theft, unexplained charges, withdrawals and errors on your bank statement.
Ransom requests are a different animal. The unfortunate reality is that if you want your account back, it’s sometimes easier and more beneficial to coordinate with the hacker than to refuse payment. People with business accounts may be particularly reluctant to risk losing significant data or publicly disclosing their customers’ information if they avoid paying. Ideally, you should never pay the ransom – it discourages crime and provides future cash claims – but if you choose to go down this route, it would be wise to hire an expert in cybercriminal ransom handling to handle such situations. It is never black and white and the consequences of either paying or not paying must be considered.
Dealing the hacking industry a blow
Total security in the social media cybersphere does not exist, but this does not mean we should accept the status quo. Both the companies responsible for the platforms and we, as users, must make every conceivable attempt to block, divert and deny a hacker’s advances. Better customer support is needed from a social media platform’s perspective, and many technological improvements should be made to reduce bots and spammers.
However, from the average user’s point of view, we need a better understanding and application of basic security and prevention methods. If we were all to review how we engage with our content that much more diligently, it would deal a severe blow to the hacking industry.