Social media account hacking skyrockets in 2022: Internet Scambusters #1,033
Social media account hacking, in which crooks take over a user's account and use it for various crimes, is on the rise.
In just the first three months of this year, the number of takeovers skyrocketed past the total for the whole of last year.
In this week's issue, we explain how the hackers can take control of your account, how to prevent it, and what you should do if you fall victim.
Let's get started…
How To Prevent Social Media Account Hacks
"My account has been hacked. Please ignore a friend request."
It may be of little comfort, but if you've ever sent or received a message like that on, say, Facebook or Instagram, you're actually among millions of users hit every year by social media account hackers.
It's one of the fastest growing and most alarming Internet crimes, with security experts estimating that somewhere between 20 and 40 percent of all social network accounts have been compromised at some point.
In the first three months of this year alone, the number of hacked accounts reported to the Internet Theft Resource Center (ITRC) easily beat the figure for the whole of 2021, which was itself a sharp increase on the prior year.
And while the network providers themselves try to spot and remove these crooks, the hackers and scammers keep coming up with new ways to trick users into handing over access to their accounts and friend lists.
The number one way of hacking an account is simple. The crook poses as a friend of the intended victim asking for help accessing his own (the "friend's") account. The message includes a link the victim is supposed to click. But doing so enables the hacker to take over the victim's account and even block access to the real user.
In other cases, scammers get access to social media accounts through data breaches, and users don't find out until a real friend tells them they're getting requests to link up even though they already follow the user.
A hacked account can currently be sold on the dark web to scammers and identity thieves for around $50, making it one of the most valuable pieces of stolen consumer information being traded by hackers.
And, of course, once a hacker has control of an account, they have access to the victim's entire list of friends who will be targeted next, which is when that dreaded message we began this report with comes into play.
Account control also gives the thief the opportunity to post under the guise of the victim, enabling them to spread fake news or post links to other sites set up for identity theft. Often, hijacked accounts are used to promote cybercurrency scams.
It's like a giant pyramid scheme where the number of potential victims multiplies with each account takeover.
How to Avoid a Social Media Account Takeover
Here are some of the important actions you can take to protect yourself from a social media account takeover:
- If you receive a friend request from someone you're already linked to, it's almost certainly a hacking scam, so don't click on the "accept" button. And let your friend know.
- If the request comes from someone you know but who you're not following, again don't click to accept. Contact the person independently and check that they did send the request. And be extra cautious about accepting friend requests from people you don't know - they're nearly always scams.
- Always use a strong and unique password for each social media account, and add a second pass code or other type of multi-factor authentication (MFA), such as a code sent via text message. Learn more about two-factor authentication from our earlier issue: How to Easily Enhance Your Password Security. And never share your password or code with anyone.
- If you learn of a data breach affecting your social media account, change your password immediately.
- Don't download third-party apps promoted on your social media account. They can be used to hack your account.
What to do if Your Account Has Been Hacked
You want to regain control of your account as soon as possible. If the hacker hasn't changed your password and you still have access to the account, change it yourself immediately. And implement MFA.
If you're locked out, you need to contact the network provider. Different sites have different ways of dealing with it. Search on the phrase "My ------- account has been hacked" (insert the media network name in place of the dashes) and look for results that are actually from the network company.
It's also important to let your friends know, via email or a message service, to put them on the alert. Which brings us back to where we started:
"My account has been hacked. Please ignore a friend request."
This Week's Scam Alerts
Dark pattern worries: The US Federal Trade Commission (FTC) has sounded an alarm about the increasing use of so-called "dark pattern" tricks used by online companies to trick consumers into buying stuff they don't want or into giving away confidential information about themselves. Tactics include making ads look like non-advertising independent posts, making it tough to cancel subscriptions or charges, and hiding key terms and conditions or junk fees. "These traps will not be tolerated," says Samuel Levine, the Commission's Director of the Bureau of Consumer Protection. We covered dark patterns in issue #977: "Dark Patterns": How Websites Trick You Into Spending.
Crypto scam returns: A fake ad promoting a supposed virtual currency to be launched by Amazon has reappeared online. It was first spotted in 2021, claiming investors could get in early on a deal by buying into a "pre-sale." As of this writing, Amazon has never said it plans to launch a cryptocurrency, let alone hold a pre-sale.
Stargazer warning: If you're one of the millions of people in awe of the images being returned by the new James Webb Telescope (JWT), keep your eyes peeled for a phishing attempt that uses copies of JWT images embedded with malware. It comes with what seems to be a Microsoft Word attachment that contains a download link for the picture. Once downloaded, it installs malware that enables a hacker to access your computer. If you want to see genuine images, NASA has posted them on a Flickr social media photo site.
That's all for today -- we'll see you next week.