Hijacking of social media accounts has reached epidemic proportions in the last 12 months, according to the Identity Theft Resource Center.<\/p>\n
The non-profit which provides assistance to the victims of identity theft revealed in its 2022 Consumer Impact Report that social media takeovers have increase 1,000% during the period.<\/p>\n
In a survey of consumers, the ITRC found that 85% had their Instagram accounts compromised, while 25% had their Facebook account hijacked.<\/p>\n
The report also found that 70% of the victims of account hijacking were permanently locked out of their social media accounts and 71% had friends contacted by the hackers that compromised the account.<\/p>\n
It may be easy to dismiss this type of identity crime as a mere inconvenience, the report noted, but it can have a profound financial and emotional impact on people.<\/p>\n
For example, 27% of account hijacking victims told the ITRC they\u2019d lost sales revenue when they lost control of their social media.<\/p>\n
\u201cFor some people, where social media is a communication platform for family and friends, losing access can range from an annoyance to heartbreaking,\u201d said Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation, in Tel Aviv, Israel.<\/p>\n
\u201cFor others, where they are making money from Instagram, YouTube or TikTok, losing their account can mean a substantial hit to their income,\u201d he told TechNewsWorld.<\/p>\n
Abusing Trust<\/h3>\n
One of the biggest assets for any kind of phishing attack is having a \u201ctrusted\u201d channel of communication, observed John Bambenek, a principle threat hunter at Netenrich, an IT and digital security operations firm based in San Jose, Calif.<\/p>\n
\u201cIf I get a phishing email from Citibank, I know I can ignore it because I don\u2019t bank there,\u201d he told TechNewsWorld. \u201cIf you are using a social media account to attack the contacts of your victim, they are already preconditioned to accept your message as valid.\u201d<\/p>\n
\u201cWe tend to trust people we\u2019re close to when they message us on social media,\u201d added Paul Bischoff, a privacy advocate at Comparitech, a reviews, advice and information website for consumer security products.<\/p>\n
<\/p>\n
![\"Subscribe](\"https:\/\/www.ectnews.com\/wp-content\/uploads\/sites\/6\/2022\/05\/tnw-newsletter-pink.jpg\")
<\/div>\n<\/p><\/div>\n<\/center><\/p>\n
\u201cIf I get a message from my mother, I\u2019m going to implicitly trust it,\u201d he told TechNewsWorld. \u201cIf someone takes over her social media account, it wouldn\u2019t be hard for them to trick me into sending them money, my Social Security number, or my account password.\u201d<\/p>\n
\u201cBy abusing this sort of trusted relationship,\u201d he said, \u201caccount takeovers can spread and be difficult for victims to detect when compared to, for example, a phishing email.\u201d<\/p>\n
Popularity Breeds Hackers<\/h3>\n
An account owner isn\u2019t the only victim of an account hijacking, noted Matt Polak CEO and founder of the Picnic Corporation, a social engineering protection company, in Washington, D.C.<\/p>\n
\u201cBy impersonating the actual owner of the account, a bad actor can create posts or send private messages that fool contacts into doing something they would not otherwise do, such as clicking on a malicious link, handing over credit card information or their credentials \u2014 which can lead to further account compromise \u2014 or depositing money into the attacker\u2019s account,\u201d he told TechNewsWorld.<\/p>\n
\u201cSo social media account takeover can be not only be harmful to the person whose identity is being impersonated, but also to those who are targeted by the criminal using the account,\u201d he added.<\/p>\n
Social media\u2019s popularity has made it a target of web predators, maintained Roger Grimes, a data-driven defense evangelist with KnowBe4, a security awareness training provider, in Clearwater, Fla. \u201cWhatever becomes popular becomes hacked,\u201d he told TechNewsWorld. \u201cIt\u2019s been true since the beginning of computers and is just as true today.\u201d<\/p>\n
\u201cThat is why it is crucial that we create a personal and organizational culture of healthy skepticism, where everyone is taught how to recognize the signs of a social engineering attack no matter how it arrives \u2014 be it email, web, social media, SMS message, or phone call \u2014 and no matter who it appears to be sent by,\u201d he said.<\/p>\n
Robust Authentication Needed<\/h3>\n
Some of the blame for account hijacking can be pinned on social media operators, maintained Matt Chiodi, chief trust officer at Cerby, maker of a platform to manage Shadow IT, in San Francisco.<\/p>\n
\u201cNone of the prominent social media platforms offer robust authentication options to their billions of users,\u201d he told TechNewsWorld. \u201cThis is unacceptable for tools that are so widely used by consumers and critical to enterprises and democracy.\u201d<\/p>\n
\u201cThese \u2018unmanageable applications\u2019 do not support security standards, such as single sign-on or automated user creation and removal through a standard known as SCIM,\u201d he said. \u201cThese two standards are the bread and butter of what keeps many enterprises\u2019 crown jewel applications secure. But none of them are supported, and it\u2019s the main reason criminals go after social accounts.\u201d<\/p>\n
<\/center><\/p>\n
The ITRC also reported a slight decline in repeat victims of identity theft. In 2022, 26% of surveyed victims said they\u2019d been a victim before, compared to 29% in 2021.<\/p>\n
Awareness may be one reason for that decline, posited Carmit Yadin, founder and CEO of DeviceTotal, maker of a risk management platform for un-agentable devices, in Tel Aviv, Israel.<\/p>\n
\u201cWhen someone gets hacked, he takes it seriously,\u201d she told TechNewsWorld. \u201cHe will learn and know what not to do next.\u201d<\/p>\n
\u201cBefore getting hacked,\u201d she continued, \u201che may have heard about these attacks but wasn\u2019t aware of their consequences.\u201d<\/p>\n
Harder To Find Targets?<\/h3>\n
Another possible reason for the decline was offered by Angel Grant, vice president for security at F5, a multi-cloud application services and security company, in Seattle. \u201cVictims of identity theft often wrongfully feel shame and embarrassment that they did something wrong,\u201d he told TechNewsWorld. \u201cBecause of that, they often do not report when they are impacted.\u201d<\/p>\n
The decline could also be a sign that identity thieves may be finding it harder to find easy targets and harder to get new ones, suggested Ray Steen, CSO of MainSpring, a provider of IT managed services, in Frederick, Md.<\/p>\n
\u201cAfter falling prey to one identity attack, victims frequently clean up their digital footprint and adopt better security practices,\u201d he told TechNewsWorld.<\/p>\n
\u201cIn this light, a 3% decrease in victims is not as encouraging as it may first appear,\u201d he said. \u201cI would hope for larger improvements.\u201d<\/p>\n
\u201cUnfortunately,\u201d he added, \u201ccyber actors take at least one step forward for every step their victims take towards better security, and they are constantly developing new methods of attack.\u201d<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"
Hijacking of social media accounts has reached epidemic proportions in the last 12 months, according to the Identity Theft Resource Center. The non-profit which provides<\/p>\n","protected":false},"author":1,"featured_media":1383,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1124,1125,1126,137,1127,139],"class_list":["post-1382","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-account","tag-hijacking","tag-jumps","tag-media","tag-months","tag-social"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.txd9.com\/index.php?rest_route=\/wp\/v2\/posts\/1382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.txd9.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.txd9.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.txd9.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.txd9.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1382"}],"version-history":[{"count":0,"href":"https:\/\/www.txd9.com\/index.php?rest_route=\/wp\/v2\/posts\/1382\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.txd9.com\/index.php?rest_route=\/wp\/v2\/media\/1383"}],"wp:attachment":[{"href":"https:\/\/www.txd9.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.txd9.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.txd9.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}