The Weekly Breach Breakdown Podcast by ITRC - Hacked and Furious - S4E7

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for March 17, 2023. Thanks to Sentilink for their support of the podcast. Each week, we look at the most recent events and trends related to data security and privacy. This week, we talk about social media account takeovers and how platforms like Instagram, Facebook and Twitter are targeted by identity criminals who use various methods to gain access to users’ accounts.

If you are familiar with the Fast and Furious movie franchise, you are no stranger to ever-increasing stakes. From unsanctioned street races to saving the world from an international threat, each movie raises the stakes with an even badder big bad. In this case, the big bad is social media account takeovers, and it’s bigger and badder than ever. 

Social Media Account Takeover Cases Increased in 2022

In 2022, the ITRC saw one attack vector increase more than any other: social media account takeover. According to reports made to the ITRC, scammers continue to impersonate people their victims know to get their sensitive information. Criminals are also using data from past breaches to hack and spoof accounts.

Between April 2021 and March 2022, 85 percent of reported victims had their Instagram accounts compromised. Seventy (70) percent of victims had been permanently locked out of their social media accounts, and 71 percent of victims reported the criminals had contacted additional friends listed in the “friends” list of their social media accounts. Sixty-seven (67) percent reported that the criminals continued to post as the account owner after they were locked out.

 In 2022, the ITRC received four times the number of inquiries compared to 2021 and 40 times more inquiries than in 2020. While many social media account takeovers are on Instagram, plenty of attacks occur on other platforms, such as Facebook and LinkedIn.

Criminals Use Phishing Attacks to Access Social Media Accounts

One of the most common methods identity criminals use to gain access to your social accounts is phishing. It involves sending emails or direct messages that appear to be from the social media platform, asking users to click on a link and enter their login credentials. Once the identity criminal can access the user’s account, they can post harmful content, steal personal information and even demand ransom payments. In 2022, 48 percent of reported victims believed they were clicking on a link they thought was from a friend.

How to Avoid a Social Media Account Takeover

1. Don’t click on links in messages unless you verify with your friend directly that they sent the message.
2. Make sure to use a strong and unique passphrase, preferably one more than 12 characters long, that you never share with anyone.
3. Use two-factor authentication on your account, preferably with an app since text messages can be spoofed, and make sure the email associated with your account is secure.

What to Do If Someone Took Over Your Social Media Account

Immediately change your password and contact the platform’s support team. To help Instagram confirm that you own the account, you can request that they send a login link to your email address or phone number. You should also monitor your account for unauthorized activity and report it to the platform.

ITRC Breach Alert for Business Coming Soon

The ITRC has begun a beta test of a new service for businesses that want to ensure they receive a notification when a data breach at a vendor or partner is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”. We will have more details in the coming weeks.

Contact the ITRC

If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the podcast. We will have a special guest next week on our sister podcast, The Fraudian Slip, and will be back in two weeks with another episode of the Weekly Breach Breakdown.