Should Social Media Users Engage in a Tug-of-war with Hackers?
How can social media users stay better protected from hackers?
Almost half the world’s population is active on social media. We post our lives, conduct business, shop, chat, reminisce, and share stories on the myriad of platforms at our fingertips. Consequently, we’re placing our personal information within easy reach of those looking to exploit it and offering hackers an enticing parlor to plunder. Bat El Azerad, CEO and co-founder of novoShield, discusses the problem and explores the ensuing tug-of-war.
Entry points for cybercrooks to burrow into the systems are numerous, and the vulnerabilities that are revealed are striking, making it a lucrative opportunity for criminals to capitalize on. To combat this threat and to add weight to our side of the rope in the online tug-of-war, we must be forearmed with the tools that prevent, protect against, and manage account takeovers.
It’s Business, and It’s Personal
As social media users, we risk losing hundreds of pictures, conversations, and information if our accounts are criminally intercepted. The hacker, on their part, gains the opportunity to sell the data, blackmail the data owner, or analyze the data to inform further scams. Regarding account takeovers, Instagram users were the worst hit in 2021, with 84% of hacked victims reporting Instagram account hijackings, while in the same year, information from over 500 million Facebook users was posted in a shadowy internet forum. As recently as October this year, security flaws in certain apps forced Facebook to warn its users that a million user accounts were susceptible to hijacking.
Like any commodity, the hacked accounts are sold at consistent rates—prices on the dark web are as low as $6 for a Reddit profile and up to a very reasonable $45 for a LinkedIn account. In fact, for a meager $127, you can purchase a complete social media set for a specified user. The simple truth is that hackers don’t discriminate between business or personal accounts: no one is immune to attack.
Predator and Prey
There are different approaches to gaining access to someone’s information. It can be in scattergun style, where malware is attached to links and messages, and the victim is whoever inadvertently allows the hacker in. Conversely, some businesses or individuals have a bullseye on their avatars. This is often due to their net worth or their perceived willingness to pay ransoms, though they may also be an attractive target because they run an influential social media account from which the hacker can subsequently disseminate misinformation. Whether individuals or companies are at the top or the bottom of the phishing food chain, they need to be threat-intelligent.
Many of us habitually use multiple devices and are often on the go, which makes us susceptible to blunders. Human error often lowers the drawbridge and allows hackers into our fortresses undetected. Unsurprisingly, this happens remarkably more often on social media platforms than through other channels. Individuals behave more casually on social media and are, therefore, more likely to trust a hacker who is disguised as a friend. Well-known figures are more at risk due to their inflated follower networks and global reach, both of which can be mobilized by an ambitious hacker. However, even if higher-value targets are sighted (big game hunting, as it’s known in hacker parlance), when it comes down to it, the hacker will pounce once a weakness is evident.
Weapons of Choice
According to one survey, nearly half (49%) of social media account takeover victims clicked on a link in a direct message from a friend before losing access to their social media accounts. The same study showed that 3% of victims lost control of their accounts after submitting login details via spoofed pages. Clicking on an infected link could permit software, such as a ‘key logger,’ to stow away on users’ computers. This common yet effective entry method tracks keystrokes and generates a pattern file, allowing hackers to replicate passwords.
Alarmingly, 66% of victims said that, after takeovers, the hackers continued to post on their profiles, and 69% revealed that the hackers had also approached their friends. In addition, hackers often extort account owners for ransom payments in return for control of their accounts. 22% of victims confirmed that this has happened to them.
A Common Defense
Statistics show that 96% of baby boomers don’t trust social media platforms to protect their data. Gen X and Gen Z are similar, at 94% and 93%, respectively. And rightfully so, because the reality is that social media companies don’t do enough to protect users. Prevention is the first line of defense: we should restrict the sensitive information in our public profiles, as this can be scraped by intelligent software and sold to malicious actors. We should also be more careful regarding which profiles we let into our friends or contact circles. A simple rule is to reject requests from people you don’t know. We should be wary of incongruous links sent from friends’ accounts. If something about a page feels off, just avoid it. In short, we should be more methodical and meticulous while navigating social media, as there are traps everywhere.
What if, despite your diligence, you suspect your account has been sabotaged? Regardless of the inertness shown by social media companies when it comes to retrieving a stolen account, it’s still essential to immediately flag any evidence of foul play with the social media company at hand. At the same time, control the damage by resetting your password and other security details, as well as warning people you know about the hack—this will limit ongoing threats to your wider circles. Likewise, contact your bank to check for identity theft, unexplained charges, withdrawals, and errors on your statement.
Ransom requests are a different animal. The unfortunate reality is that if you want your account back, sometimes it’s easier and more advantageous to coordinate with the hacker than to refuse payment. People with business accounts may be especially reluctant to risk losing significant data or publicly exposing their customers’ information should they avoid paying. Ideally, you should never pay the ransom—it abets crime and engorges future cash demands—but if you choose to venture down this path, it would be wise to employ an expert in handling cybercriminal ransom negotiations to deal with such situations. It’s never black and white, and the consequences of either paying or not paying must be taken into consideration.
Delivering a Blow to the Hacking Industry
Total security in the social media cybersphere does not exist, but this doesn’t mean we should accept the status quo. Both the companies in charge of the platforms and we, as the users, must make every conceivable attempt to block, deflect and refuse a hacker’s advances. Better customer support is needed from a social media platform’s perspective, and many technological improvements should be made to reduce bots and spammers.
From the average user’s point of view, though, we need a better understanding and application of basic security and prevention methods. If we were all to review how we engage with our content that much more assiduously, it would deliver a dire blow to the hacking industry.