Social engineering deceptions are still in force and, in this sense, identity theft to obtain some monetary revenue increased in social networks. ESET, a company dedicated to proactive threat detection, explained how one of the latest social media scams works and shares tips to avoid falling for these scams.
In order to understand how users dealt with these deceptions, ESET researcher Jake Moore decided to clone his own account, with a spare phone and taking four screenshots of his original account to imitate the actions of cybercriminals. The only difference in his new account, besides the number of followers, was a change in the bio in which he included a text that said “NEW ACCOUNT AFTER LOSING ACCESS TO THE ORIGINAL”.
Then, he started following 30 of his friends, 10 from private accounts, requiring acceptance, and 20 public accounts.
“I was hoping that someone would contact me through a different communication method and question this request, particularly due to the role in which I work and the embarrassment to which I could have been subjected, although also understanding that we are all susceptible to compromise account. But nobody did. In fact, the numbers increased ”, Jake Moore commented.
Replicating the actions of the cybercriminals, he sent a message to his followers, thanking them for accepting the new request and mentioning the incident, also regretting that they had attacked their bank accounts and that they did not have money until the problem was resolved.
The interlocutor, believing that he is talking to the person responsible for the account, finds the conversation more credible and offers his help.
“What I found most disconcerting was the speed with which everything escalated and that I was able to fool the targeted target into thinking it was genuine, without the need for additional verification. I was even able to get the person himself to offer me help, which gave it a little twist. This is usually a smart technique used by professional social engineers who play a psychological game to avoid asking for the money directly. “added the ESET researcher.
In this sense, ESET offers some recommendations on how to keep social media accounts safe:
As far as possible, reduce the amount of personal information and photos online. Although it is a big task, it is important to teach the next generation of social media users the importance of limiting the amount of information that is posted before it is exposed forever. This scam would not work the same way on private accounts, although there are private accounts that accept people they don’t necessarily know.
Check the content of what is published. It also applies to accept followers, take a few seconds to decide if you are willing for that user to know more details about the day to day. In turn, being completely public is subject to dangers like this.
When money is involved, never accept anything or provide confidential information without carefully analyzing it. It is essential to request validation through another form of communication before sending money to a new beneficiary, or sharing account or credit card information.
“This scam is not only limited to Instagram, it has also been seen on Facebook, Twitter and LinkedIn, so be sure to keep an eye out for cloned accounts. Report these accounts and inform the real owner of the same. From ESET we bet on education as the first protection tool, knowing the risks to which one is exposed allows us to take measures to prevent threats: keep our systems updated, have a security solution in our devices and know the news in terms of attacks, they help to enjoy the technology in a secure way ”, says Luis Lubeck, Information Security Specialist.
– .
