The Weekly Breach Breakdown: Hacked and Furious – The Rise in Social Media Account Takeovers
- 03/17/2023
- 4
- 7
Home Help Center Hacked and Furious – The Rise in Social Media Account Takeovers
- In 2022, the Identity Theft Resource Center (ITRC) saw one attack vector increase more than any other: social media account takeover. The ITRC received four times the number of inquiries in 2022 compared to 2021 and 40 times more inquiries than in 2020.
- Identity criminals use phishing attacks to access people’s social media accounts. To reduce the likelihood of being a victim, never click on unknown links, use unique 12+ character passphrases on all accounts and enable two-factor authentication (with an app if possible).
- If someone takes over one of your social media accounts, immediately change your password and contact the platform’s support team. Also, monitor your account for unauthorized activity and report it to the platform.
- To learn about data compromises, consumers and businesses should visit the ITRC’s improved data breach tracking tool, notified.
- The ITRC has launched a beta test of a new service for businesses that want to ensure they receive a notice when a data breach is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”.
- If you believe you are the victim of an identity crime, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website, idtheftcenter.org.
Hacked and Furious
Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for March 17, 2023. Thanks to Sentilink for their support of the podcast. Each week, we look at the most recent events and trends related to data security and privacy. This week, we talk about social media account takeovers and how platforms like Instagram, Facebook and Twitter are targeted by identity criminals who use various methods to gain access to users’ accounts.
If you are familiar with the Fast and Furious movie franchise, you are no stranger to ever-increasing stakes. From unsanctioned street races to saving the world from an international threat, each movie raises the stakes with an even badder big bad. In this case, the big bad is social media account takeovers, and it’s bigger and badder than ever.
Social Media Account Takeover Cases Increased in 2022
In 2022, the ITRC saw one attack vector increase more than any other: social media account takeover. According to reports made to the ITRC, scammers continue to impersonate people their victims know to get their sensitive information. Criminals are also using data from past breaches to hack and spoof accounts.
Between April 2021 and March 2022, 85 percent of reported victims had their Instagram accounts compromised. Seventy (70) percent of victims had been permanently locked out of their social media accounts, and 71 percent of victims reported the criminals had contacted additional friends listed in the “friends” list of their social media accounts. Sixty-seven (67) percent reported that the criminals continued to post as the account owner after they were locked out.
In 2022, the ITRC received four times the number of inquiries compared to 2021 and 40 times more inquiries than in 2020. While many social media account takeovers are on Instagram, plenty of attacks occur on other platforms, such as Facebook and LinkedIn.
Criminals Use Phishing Attacks to Access Social Media Accounts
One of the most common methods identity criminals use to gain access to your social accounts is phishing. It involves sending emails or direct messages that appear to be from the social media platform, asking users to click on a link and enter their login credentials. Once the identity criminal can access the user’s account, they can post harmful content, steal personal information and even demand ransom payments. In 2022, 48 percent of reported victims believed they were clicking on a link they thought was from a friend.
How to Avoid a Social Media Account Takeover
- Don’t click on links in messages unless you verify with your friend directly that they sent the message.
- Make sure to use a strong and unique passphrase, preferably one more than 12 characters long, that you never share with anyone.
- Use two-factor authentication on your account, preferably with an app since text messages can be spoofed, and make sure the email associated with your account is secure.
What to Do If Someone Took Over Your Social Media Account
Immediately change your password and contact the platform’s support team. To help Instagram confirm that you own the account, you can request that they send a login link to your email address or phone number. You should also monitor your account for unauthorized activity and report it to the platform.
ITRC Breach Alert for Business Coming Soon
The ITRC has begun a beta test of a new service for businesses that want to ensure they receive a notification when a data breach at a vendor or partner is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”. We will have more details in the coming weeks.
Contact the ITRC
If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.
Thanks again to Sentilink for their support of the podcast. We will have a special guest next week on our sister podcast, The Fraudian Slip, and will be back in two weeks with another episode of the Weekly Breach Breakdown.
- Follow on LinkedIn: www.linkedin.com/company/idtheftcenter
- Follow on X: www.twitter.com/IDTheftCenter
Related Resources
Get ID Theft News
Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center