PCMag SecurityWatch

Are they real friends? New social media scam.

Views expressed in this cybersecurity-cyber crime update are those of the reporters and correspondents.

Accessed on 18 May 2022, 0217 UTC.

Content provided by email subscription to "PCMag SecurityWatch."

Source: https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGpFzrjrSFXpVvLHmhqLnHdqDfn

Are They Your Real Friends? Watch Out for This Social Media Scam
As long as social media platforms have been around, there have been hackers attempting to take control of accounts. Remember MySpace? My friends' page for their band was hacked a number of times, sometimes by malicious strangers, sometimes by overzealous fans. Back then, if a hacker got into your MySpace account, they had access to your friends' list, private messages, photos, and blog posts. It was a lot, but it's nothing like the treasure trove of information many of today's social media accounts contain.

Facebook accounts often contain your real name, email address, birth date, relationship status, and physical address. In addition to storing all your private messages, photos, and feed posts, Facebook is also used to log in to other websites. If a hacker manages to take over your Facebook account, they may have access to some of your other accounts around the web. The same goes for Instagram, which is also owned by Meta.

What Hackers Want

Criminals need all your personally identifiable information (PII) to commit identity fraud or to sell your account to the highest bidder. According to a report from Privacy Affairs, the cost of a Facebook account on the dark web is $45. An Instagram account goes for $40.

The Identity Theft Resource Center (ITRC), an internet safety organization, says it received nearly 500 social media account takeover reports in the first three months of 2022. That's up from the 320 the ITRC received in 2021. Experts at the organization say criminals are committing Instagram scams by posing as a “friend” of the victim. The hacker lures in their victim with an email or a private message stating they need help getting back into their Facebook or Instagram account. The hacker sends a malicious link in their message, and when the victim clicks on it, they lock themselves out of their account and give access to the hacker.

How to Avoid a Social Media Account Hack

The demand for hacked social media accounts is high. Don't let yourself be caught off guard by a scammer. Take the following steps to keep your account locked down and secure. 

  • Never click on any links sent to you until you verify they're from someone you know. If a friend sends you a message that contains a link, attachment, or file, reach out to the friend via a phone call or video chat to make sure they sent you the message. 

  • Avoid sharing your personal information with anyone. Scammers build trust with their victims in the hope that they’ll hand over PII. This is especially common in dating scams. You should never share passwords, PINs, codes, or any other type of sensitive information with someone you've never met in person.

  • Use multi-factor authentication and a strong and unique password on your account. You should also store the password in a password manager. Consider using a hardware security key to protect your accounts that contain the most PII.

  • Stop downloading third-party apps within a social media platform. If third-party apps have your information, you may not know where or how it's being stored. It is another place for hackers to get their hands on your valuable social account credentials. Only download applications from recognized stores, such as the Apple App Store, Google Play, and Microsoft Store.

  • Don't talk to strangers. Isn't the free exchange of ideas the point of the internet? Maybe it was at one time, but these days, answering a private message from a person who doesn't have any shared friends with you could be a setup for a phishing scam.

What to Do If Your Instagram Account Gets Hacked

If you believe your Instagram account has been hacked, here are six steps to take.

  1. Check your email account for a message from Instagram. If you received an email from Instagram's security team that says your email address was changed, you might be able to undo this change by selecting “revert this change” in that message. If additional information was also changed (like your password), and you’re unable to change back your email address, request a security code from Instagram.

  2. Request a login link from Instagram. To help Instagram confirm that you own the account, you can request that they send a login link to your email address or phone number. To make a request, visit the login screen, and tap Get help logging in (Android) or Forgot password (iPhone).

  3. Enter the username, email address, or phone number associated with your account, then tap Next. If you don’t know the username, email address, or phone number associated with your account, tap “Need more help?” and follow the on-screen instructions.

  4. Select either your email address or phone number, then select Send Login Link.

  5. Click the login link in your email or a text message (SMS) and follow the on-screen instructions.

  6. Request a security code or support from Instagram. If you’re unable to recover your account with the login link sent to you, you may be able to request support for your hacked Instagram account. For more information on how to do this, visit Instagram’s Help Center for step-by-step instructions.

What Else Is Happening in the Security World This Week?

How to Create a Strong Password Generator. Do you trust the passwords created by third-party software to be truly random and safe? No? Here's how to build your own random generator for uncrackable passwords.

US Jails Ukrainian For Hacking 6,000 Servers and Selling Access To Them. Glib Oleksandr Ivanov-Tolpintsev cracked the passwords to more than 6,000 online servers and then apparently sold access to them on an illegal marketplace called xDedic.

Hackers Reportedly Gain Access to Drug Enforcement Administration Data Portal. Never has the term "epic fail" been more accurately used to describe what happened.

Texas Man Gets 5 Years for Buying Stolen Logins for 38K PayPal Accounts. Marcos Ponce stole an estimated $1 million in funds from the affected PayPal accounts.

EU Proposal Could Sacrifice Privacy to Address Child Abuse. The commission says it wants to establish new rules that would require companies to scan for child sexual abuse material as well as "grooming," but critics have mass surveillance concerns.

Thousands of Websites Collect Everything You Type
Just because you didn’t click the submit button on a web form doesn’t mean the site didn’t record your information. As PCMag’s Matthew Humphries writes, research shows that many websites are collecting every character you type, as you type them. A research team looked at the top 100,000 websites and discovered that nearly 3,000 US-based websites collect email addresses.

It sounds pretty nefarious, but the research also shows that some of the websites aren't collecting the characters on purpose. The sites leak the information via third-party tools used for marketing and analytics.

Researchers found that in the US, more than 8,400 websites leaked user data to Meta, and 154 sites leaked data to TikTok. The research team informed both Meta and TikTok of the data leaks, but neither company has confirmed the collection stopped. This is a good time to remember that Facebook says it can't control where your data goes.

If you’re worried about your privacy, there are easy steps you can take to better protect yourself online. We also recommend sharing less about yourself online in the first place. You never know who is viewing your information and what they are doing with that data. Keep it secret, keep it safe.

iPhones Can Run Malware While Turned Off, Researchers Discover

US Claims a Heart Doctor Has Been Busy Creating Ransomware

HP Patches BIOS Vulnerabilities Affecting Over 200 Laptops, Workstations

Google Taps Smartphone's Bluetooth to Foil Phishing Attempts on User Logins

EU and UK Blame Russia for Hack That Disrupted Viasat's Satellite Internet
