Learn how to avoid falling victim to the current Instagram threat or any social attack.
Not a pretty picture: A current threat actively terrorizing Instagram users is shutting down high-profile accounts. A recent string of cyberattacks targeting popular influencers — some with over 100,000 followers — have account-holders alarmed while the social media company itself has not yet commented.
The hackers gain access to the accounts through a phishing scam posing as a potential business partnership. The victims receive an email containing a proposal to work together and a link to what the sender claims is their own Instagram site. When the victims click the link, they are taken to a phony Instagram login page, designed to capture all entered credentials. Once the victim “logs in,” the hackers have the username and password.
The hackers then use the stolen credentials to log into the influencer’s account. To be clear, what’s going on behind the scenes is that the criminal is simply locking the user out of his or her own account, and then demanding a ransom in Bitcoin to regain access. The requested ransoms have been fairly low — one case was $110, another was $122. Panicked at losing the following the victim has built up over time, some paid the ransom, but to no avail. The ransomers did not decrypt the accounts.
While it sounds like yet another upsetting attack on our daily social lives, Avast Security Evangelist Luis Corrons points out that there’s an easy solution to ward off such cyber thugs: “These attacks can easily be avoided by enabling two-factor authentication,” he explains. “I believe that well-established social media companies should in fact enable 2FA by default; this alone would decrease the number of hacked accounts to almost zero.” Corrons goes on to say that today’s technology offers a number of non-intrusive two-factor authentication systems that increase the security of our accounts without being a nuisance for users.
“Every one of my accounts, from Facebook to Twitter, LinkedIn to Google, have two-factor authentication enabled – and it’s nearly transparent in use. In fact, I could publish my passwords on the web for all to see and people would still not be able to log into my accounts due to the extra layer of security that 2FA provides.”
To make sure you are never the hapless victim of ransomware, Avast recommends:
In order to protect our loved ones and our communities during the holiday season, we've put together a list of seven creative and heartfelt tips on how to host a virtual holiday this year.
This week's Privacy Refresh is all about Instagram. Here are a batch of daily tricks to protect your privacy while using this popular platform.
Reviewing Tanya Janca's "Alice and Bob Learn Application Security", which is both a crash course in app security for newbies as well as a refresher for those that have been doing the job for a few years.