How Your Online “Friends” Can Steal Your Social Media Account

It’s time to resurrect the old adage “With friends like these, who needs enemies?” The nonprofit Identity Theft Resource Center (ITRC) has uncovered a social media hack that victimizes users of Facebook and Instagram by using friendship as a lure. Although attacks targeting social media users are nothing new, this latest scam tugs on the heartstrings by appealing to the urge to help a friend in need. But the only thing this friend really needs is to take over your social media account, with your help, of course.

Of the many scams circulating on social media, the ITRC found that account takeovers are on the rise. They reported that last year, the inquiries about these takeovers totaled 320. They also found that in the first three months of this year alone, those inquiries totaled nearly 500. Digital Shadows reports identity thieves sell the victim’s hacked Instagram credentials on the dark web for $45 a pop, compared to selling Social Security numbers for only $2 each.

With A Little Help from My Friend

The account hack starts when a user receives a message from someone they assume is a friend. This “friend” asks for help getting back into their own social media account and sends the victim a link to open for that help. Once the link is clicked, the victim is locked out of their account and the account takeover begins.

The ITRC report shows that of the surveyed victims of social media account takeovers, 70% were permanently locked out of their account. An astonishing 71% of victims say the hacker contacted the friends on their compromised account. About 67% of respondents say the hacker continued posting to their stolen account after they were locked out. Having no control over what a hacker posts in your name is not only disturbing; the posts can also help the attacker procure more victims for future crimes by using your friend list.

Avoiding Social Media Account Takeover Scams

The ITRC lists what their study victims say they now do, and wish they had done, to minimize the risk of another account takeover. Remember, these tips were learned the hard way, and they can help keep you from turning over your social media account to a hacker. According to the study, some of their actions include: placing security monitoring or a credit freeze on credit reports; regularly checking credit reports; using unique and complex passwords or passphrases for online accounts and apps; using multifactor authentication when it’s available; regularly updating mobile devices and computer hardware and software; and not accessing or downloading sensitive information on public Wi-Fi.

The ITRC invites questions and provides support for minimizing vulnerability to social media account takeovers through its website, by live chat or by phone. Their help is also available to those who believe their account may already have been compromised.

Jim Stickley, CEO
Stickley on Security

Jim Stickley has stolen credit cards, hacked Social Security numbers, robbed banks, created fake ATMs, broken into armed government facilities and stolen from teenagers. Fortunately for all victims involved, Jim is a cybersecurity expert with over 20 years in the industry who was hired to perform these attacks by corporations testing their security, and news agencies interested in knowing just how easy it is to commit identity theft. His job is to find security flaws before the real criminals find them and educate people and organizations about what they can do to protect themselves.

Today, Stickley is the CEO of Stickley on Security and can be seen throughout the United States speaking on topics that range from basic identity theft to national cyber terrorism. In addition, Stickley can be seen on numerous TV news programs, is a frequent guest on NBC’s Today Show, and is the security expert featured in LifeLock® infomercials.