Social Media Account Hijacking Jumps 1,000% in Last 12 Months: Report
Hijacking of social media accounts has reached epidemic proportions in the last 12 months, according to the Identity Theft Resource Center.
The report found that 70% of the victims of account hijacking were permanently locked out of their social media accounts and 71% had friends contacted by the hackers that compromised the account.
It may be easy to dismiss this type of identity crime as a mere inconvenience, the report noted, but it can have a profound financial and emotional impact on people.
For example, 27% of account hijacking victims told the ITRC they’d lost sales revenue when they lost control of their social media.
Abusing Trust
One of the biggest assets for any kind of phishing attack is having a “trusted” channel of communication.
If I get a phishing email from Citibank, I know I can ignore it because I don’t bank there. If you are using a social media account to attack the contacts of your victim, they are already preconditioned to accept your message as valid.
We tend to trust people we’re close to when they message us on social media.
If I get a message from my mother, I’m going to implicitly trust it. If someone takes over her social media account, it wouldn’t be hard for them to trick me into sending them money, my Social Security number, or my account password.
By abusing this sort of trusted relationship, account takeovers can spread and be difficult for victims to detect when compared to, for example, a phishing email.
Popularity Breeds Hackers
By impersonating the actual owner of the account, a bad actor can create posts or send private messages that fool contacts into doing something they would not otherwise do, such as clicking on a malicious link, handing over credit card information or their credentials — which can lead to further account compromise — or depositing money into the attacker’s account.
That is why it is crucial that we create a personal and organizational culture of healthy skepticism, where everyone is taught how to recognize the signs of a social engineering attack no matter how it arrives — be it email, web, social media, SMS message, or phone call — and no matter who it appears to be sent by. Always check your source to keep yourself protected.