Social media have become one of the most successful communication channels, and platforms such as Facebook, Twitter and Instagram are used daily by millions of users, for both personal and commercial purposes. Instagram alone has more than 1 billion users a month, roughly one eighth of the world’s current population.
Cybercriminals are increasingly targeting these popular sites, hunting for victims to ‘hack’ and extort. In recent years, experts at cybersecurity company Trend Micro have observed various groups and lures linked to these schemes.
For maximum impact, the cybercriminals behind this campaign go after social media ‘influencers’, a pattern that has also been seen in previous campaigns. Having accumulated not thousands but millions of followers and often making money from brand offers, affiliate marketing and other means, influencers have a lot to lose if their accounts are compromised.
How accounts are hacked
To lure their targets, the ‘hackers’ often disguise their accounts as technical support accounts. Sometimes they assume the identity of a friend of the owner of the target account. They then use ‘phishing’ emails, messaging apps like Telegram and WhatsApp, or Instagram itself to reach the potential victim. To do so, they create new accounts or reuse stolen ones.
The ‘hackers’ messages claim that the account owner has committed a copyright violation or that they can provide a verified credential. According to the message, the account will be deleted unless the user verifies it by entering their details on a web page linked in the message. The link leads to a ‘phishing’ site that mimics the official Instagram user interface.
If the user gives their real credentials, cybercriminals proceed to change the password of the account so that the original owner loses access to it. They then mine the account by downloading all the images and messages manually or via Instagram’s data backup feature. Hackers can even modify the account bio, share content through the ‘Stories’ function or reach the victim’s contacts.
Negotiating with victims
At the same time, the ‘hackers’ begin to negotiate with the victim. They tend to operate the ‘hacked’ account while the victim talks to them using a different account. They then demand a payment in the form of bitcoin, prepaid credit cards or vouchers in exchange for restoring access. Based on the activity detected in some bitcoin wallets related to this campaign, it seems that some targets may have paid, according to Trend Micro.
However, the negotiation is nothing more than a ruse. They do this only so that the victim does not feel compelled to report the incident through the proper channels and so that they can buy some time, as downloading all account data can take up to two days. After the victim pays, the hackers will not return the account. Rather, they will only ask for more payments.
Many times, a single malicious actor manually compromises multiple accounts at once. There are also cases where each malicious actor belonging to a group has a designated role in the campaign, such as the operator of the ‘hack’, the payment collector or the leader who oversees the operation.
How to keep accounts safe
Users, for their part, can protect their Instagram accounts, or any of their online accounts, by following a series of basic security recommendations offered by Trend Micro experts.
First, they advise users to set up two-factor or multi-factor authentication. With this enabled, hackers will not be able to access an account even if they have the password. Instagram and many other sites have configuration settings for this.
They also advise never opening links in emails and messages from unknown sources, as these links can lead to phishing sites. Users can check the official support page of the affected service or website to obtain more information if an account is ‘hacked’ or deactivated.
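The advice about links can be turned into a quick triage check. The following is an added example, not Trend Micro's code or part of the original article: it classifies each link in a message by its real hostname, assuming an allow-list that contains only instagram.com and using a constructed sample message with hypothetical hosts.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption for this example: the only trusted host family is instagram.com.
OFFICIAL_DOMAINS = ("instagram.com",)
BRAND = "instagram"
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def is_official(host):
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def resembles_brand(token):
    # Exact brand name, or a near miss such as "lnstagram", in a host label.
    return BRAND in token or SequenceMatcher(None, token, BRAND).ratio() >= 0.8

def classify_link(url):
    """Return (verdict, reason); verdict is 'official', 'suspicious' or 'unrelated'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "suspicious", "unparseable URL"
    if not host:
        return "suspicious", "no hostname"
    if parts.username is not None:
        return "suspicious", "text before '@' is not the host; real host is " + host
    if is_official(host):
        return "official", "host is on the allow-list"
    if not host.isascii() or "xn--" in host:
        return "suspicious", "internationalised hostname"
    if any(resembles_brand(t) for t in re.split(r"[.-]", host)):
        return "suspicious", "brand name or near miss on a non-official host"
    return "unrelated", "not an Instagram host; do not enter Instagram credentials"

def triage(message):
    """Classify every http(s) link found in a message body."""
    links = (m.rstrip(".,)") for m in URL_RE.findall(message))
    return [(link, classify_link(link)[0]) for link in links]

# Constructed sample message (hypothetical hosts under the reserved .example TLD).
SAMPLE = (
    "Copyright violation: your account will be deleted unless you verify it at "
    "https://instagram.com.verify-account.example/login. "
    "Appeal form: https://lnstagram-help.example/form "
    "Official help: https://help.instagram.com/"
)

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE):
        print(f"{verdict:10} {link}")
```

A verdict of 'official' only means the hostname belongs to the allow-listed domain; it says nothing about who sent the message.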
Finally, they recommend using solutions that add layers of security, such as Trend Micro Cloud App Security, which enhances the security of Microsoft Office 365, Google Workspace, and other cloud services by detecting malicious URLs (such as ‘phishing’ sites) hidden in the content and attachments of emails.
Also noteworthy are Trend Micro Worry-Free Services, which prevent credential ‘phishing’ messages and other email threats from reaching the network using ‘machine learning’ and other techniques; or Trend Micro Security, which offers home users protection against email, file and web threats on their devices.