The Identity Theft Resource Center (ITRC) published the 2022 ITRC Consumer Impact Report last week. It details a new scam known as “social media account takeover fraud,” in which cybercriminals and ID theft criminals hijack Facebook and Instagram accounts to steal personally identifiable information (PII).
Account takeover fraud (ATO) is when a fraudster successfully accesses your bank account, credit card account, cell phone account, utility account, Social Security account, or reward/loyalty card account. This occurs when malicious actors attempt to take control of an account through weak passwords, phishing, hacking, and/or credential stuffing.
What is happening…
Social media account takeover attacks have increased by more than 1,000% in the past 12 months, according to the ITRC. The results of a quick survey of victims who reported a social media account takeover are included in the 2022 Consumer Impact Report. The victims who participated in the micro-survey stated the following:
- 85 percent had their Instagram accounts compromised, while 25 percent had their Facebook accounts compromised.
- At least 48 percent of people clicked on a link they thought came from a friend.
- 22 percent of people fell for a cryptocurrency scam.
- 51 percent of victims who had their accounts compromised lost personal money or sales revenue.
- 70 percent have been permanently locked out of their social media accounts.
- 71 percent contacted friends listed in the social media account.
- 67 percent report the criminal continued to post as the account owner after the lockout.
- 66 percent of victims claim to have experienced a strong emotional response after losing control of their social media account, including feelings of being:
  - violated: 92 percent
  - suicidal: 77 percent
  - worried or anxious: 83 percent
  - angry: 78 percent
Eva Velasquez, President and CEO of the ITRC, asserts that obtaining social media verification shows how reliable and credible your profile is. Scammers are, however, developing new methods of attack. According to Velasquez, “criminals offer to help people in the verification process.” After taking control of the account, they block the real owner and start posting as that person or company.
Velasquez recommends that “consumers follow the instructions for the verification process directly from platforms like Facebook and Twitter to get verified on social media safely.” Do not accept help from someone who says they can ‘assist’ you through the process.
According to James Lee, the ITRC’s Chief Operating Officer, “social media account hijacking significantly increased” when remote working began during the COVID-19 pandemic. Consumers should “be aware of suspicious messages from friends and not click on links found in emails or texts unless you are 100% sure they are safe,” according to Lee.
The article “How Cybercriminals Use Public Online and Offline Data to Target Employees” describes another social media account scam technique and shows how a LinkedIn post about a new job opportunity was actually a phishing scam.
We all need to be aware of how social media account holders, including customers and business executives, are being set up for targeted attacks. Attackers may target your social media accounts if they have sufficient information about you or your online behavior.
What can you do, then?
With these five prevention suggestions, you can be proactive and avoid social media account takeovers:
- Never use the same password across multiple accounts, especially your social media ones.
- Use a strong passphrase with 20 characters or a password manager.
- Avoid clicking on any links contained in shady (or unexpected) emails or texts.
- Use a VPN and two-factor authentication (2FA), especially when using public WiFi.
- Be wary of phishing scams that pose as well-known companies like LinkedIn, Microsoft, DHL, Amazon, Apple, Google, and Netflix.
Summary: Social Media Account Takeover Fraud
Cybercriminals and ID theft criminals hijack Facebook and Instagram accounts to steal personally identifiable information. Social media account takeover attacks have increased by more than 1,000% in the past 12 months. The quick survey results of victims are included in the Identity Theft Resource Center’s 2022 Consumer Impact Report. Scammers are developing new methods of attack to take control of social media accounts. Consumers can be proactive and avoid social media account takeovers. Use a VPN and two-factor authentication (2FA), especially when using public WiFi, to protect against account hijacking.