Table of Contents
Social networks are fully incorporated into our lives. Currently, 85% of the Spanish population uses a social network, both on a purely personal and professional level. Likewise, 67% of Spanish companies used social networks as communication and business tools in 2021. Given their level of penetration in society and their economic impact, numerous malicious actors are increasing the frequency and ways of hacking social network accounts for spurious purposes, from impersonation to account hijacking and transformation.
Just as technology has evolved rapidly in recent years, criminals have also innovated when it comes to designing tactics and implementing techniques to make their attacks successful.
Professionals who provide cyber intelligence services have found that social networks have become an attack vector for high-profile fraud. This means that platforms, organizations, and users must take the fight against social media account hacking and impersonation very seriously.
The business model of some companies, the privacy of users, or the integrity of bank accounts are at stake.
In this article we will address the most common types of attacks today, paying special attention to cutting-edge strategies that combine both the hacking of social network accounts and their use to transform them into fake profiles.
1. Creation of fake profiles to commit fraud
The most relevant news on social media platforms throughout 2022 has undoubtedly been Elon Musk’s purchase of Twitter. The operation has been making headlines in the media for months. One of the reasons why Musk has tried to cancel the purchase lies in the huge number of fake profiles that exist on the social network.
This case shows the proliferation of fake accounts for years, thanks, to a large extent, to the few requirements requested by the platforms when creating the accounts.
Although this situation has changed in recent times, as we will see below, many criminals continue to use the creation of fake profiles to commit digital fraud. To do so, they often choose to create accounts of real people on platforms on which they have no profile. For example, a bank branch manager has a LinkedIn and Facebook profile, but not an Instagram or Twitter profile.
1.1. Fake accounts of managers of financial institutions
Precisely, managers of financial institutions are one of the most commonly used profiles for impersonation.
Fake profiles of these professionals are created with a clear objective: to defraud third parties. Through these fake accounts, malicious agents offer loans to hypothetical customers on very advantageous terms and other kinds of financial products and services. These fake offers are the perfect excuse to obtain all the personal and financial information of the people contacted to commit fraud.
We are, therefore, facing complex and sophisticated phishing campaigns, which do not use email or SMS to attack victims, but social networks.
These attacks are carried out in two different ways:
- Passive. The fake account does not initiate the communicative relationship with the victim, but it is the victim himself who gets into the lion’s den by contacting the fake manager.
- Active. When the victim starts following the fake profile on the social network, the fake profile writes to the victim ipso facto to start offering financial products such as loans with excellent conditions.
1.1.1. Why do they impersonate these professionals?
Criminals select this type of professional profile not only because their connection to the world of finance facilitates economic fraud and the theft of money from victims. But also because they are perfect to be coated with a patina of credibility.
On the one hand, as they are professionals working in financial institutions, it is easy for victims to go to the websites of these companies or Google to search for their name, and the results they obtain verify that, indeed, that person exists and occupies the position listed in their profile.
On the other hand, because they are generally profiles with few followers, which makes it difficult for the victim to discern whether the profile is real or not.
In addition, if the aggressors create a fake profile on a social network where the professional does not have an account, they can use data and photographs that appear on platforms where there are legitimate accounts.
This increases the credibility of the fake profile.
1.2. Micro-influencer spoofing
Another type of users that are perfect for impersonation are micro-influencers. In other words, people who have profiles on social networks with tens of thousands of followers, but who have not achieved a status of fame and social impact of the magnitude of influencers who are known by large layers of the population. In other words, malicious actors do not create accounts to impersonate Ibai Llanos or María Pombo, but that of a gamer with 40,000 followers.
If in the case of the managers of financial institutions the bait is the products they market, in the case of micro-influencers it is the sweepstakes that these profiles organize regularly. From tokens in video games such as Fornite to being able to buy skills, to the widest variety of products and services.
Thus, the fake account organizes supposed sweepstakes using, on many occasions, images of old sweepstakes organized by the real profile. This makes the fake sweepstakes very believable. What is the goal? To obtain user data to carry out fraud and launch other attacks.
In these cases, the most common is that, as soon as the victim follows the account, the criminals contact the victim and demand that it be a specific geographical region. From there, they start collecting information. First personal and contact information, then financial data.
2. The fight against the creation of fake accounts has sharpened the ingenuity of criminals
As we pointed out earlier, the rise of fake accounts has become a problem for the platforms, calling into question their business model. In such a way many of them, such as Instagram, have made great efforts to make the creation of fake accounts more difficult.
Thus, they have proceeded to increase the requirements for verifying the identity of users when creating profiles. For example, Twitter has included a tag that guarantees that a user has been validated by entering his or her cell phone number.
These measures have made it more difficult to impersonate users through the creation of fake accounts discussed in the previous section. What has been the reaction of the criminals? They have turned their strategies and methodologies towards a new type of fraud: hacking into existing legitimate accounts.
Why? The increase in the requirements for creating profiles on this type of platform has not been accompanied by an increase in the fortification and securitization of the profiles of legitimate users. As a result, it is now easier for many criminals to hack into social network accounts and transform them into fake profiles than to create such profiles.
This is because while the requirements for creating profiles are increasingly demanding and complex, the possibility of managing an account, once access to it has been breached, without being detected by the platforms’ security system is high and the recovery of the account by its legitimate user is very complex.
3. Most popular methods of hacking accounts in social networks
There are two main types of social network account hacking. On the one hand, the one we have just mentioned, i.e. the hijacking of profiles and their use to impersonate users other than the legitimate owners of the accounts. On the other hand, we would find the use of hacking accounts on social networks to extort money from their owners.
3.1. Extortion of micro-influencers
One of the most typical cases of hacking of social network accounts targets micro-influencers. Unlike the creation of accounts to impersonate their identity, in these cases, the content creators are not the bait, but the direct victims of the attack.
The criminals access the profile and hijack it, demanding that the micro-influencers make a payment to get it back. Generally, the ransom demand is not made in euros, but in cryptocurrencies such as Bitcoin or Ethereum. Since these are more difficult to trace, criminals can move the stolen money through fraud more easily. Thus making it more difficult to investigate the crime.
Although there have been kidnappings of large Instagram accounts, even asking for millionaire ransoms, the ideal victim profile is the micro-influencer. Because they cannot pressure the platform to actively contribute to putting an end to the security incident, but, at the same time, this profile is their way of life and they are willing to pay large financial figures to get it back. After all, the loss of the account directly affects the continuity of their business.
In some of the several cases that Tarlogic Security’s cyberintelligence team has investigated and helped to successfully solve, the criminals not only demanded a ransom to return the account to its rightful owner but, as a pressure measure, threatened to undermine the victim’s community and cause him to lose followers.
3.2. Transforming accounts with few followers into fake profiles
In addition to this type of social network account hacking, Tarlogic’s professionals have detected the rise of a new strategy that combines profile breaches with impersonation.
The target of this type of attack does not profile large communities but accounts with hundreds of followers and little response capacity. For example, teenagers whose community is small and who do not know what measures to take to recover their profiles in the shortest possible time.
The modus operandi is as follows. Once the criminals have taken control of the account, they proceed to transform it from end to end. They delete the user’s photos and all their data. They replace them with images and information about the person they are trying to impersonate. From this point on, the procedure is similar to that used in cases of fake account creation. Social engineering techniques are used to obtain information about the victims and carry out fraud.
In this type of social network account hacking, there are two victims. On the one hand, the person whose account has been hijacked and completely emptied, dispossessing them of both their content and their community. On the other hand, phishing victims that are tricked through identity theft.
All this shows the level of sophistication of the tactics and techniques employed by malicious actors.
4. The complex mission of recovering an account… especially if there is no trace of you left behind
The scope of these attacks is exacerbated by the complexity of recovering an account after a hack. The process that users have to go through is long and difficult. Especially if the users have no resources or capacity to act, as in the case of teenagers, the criminals are in a different country or the hijacking of the profile has led to its total transformation.
This last issue makes it very difficult to recover a hacked account. If your profile has been hijacked, you can use your data, posts, and photos as proof that your profile belongs to you. However, if none of these elements are already present in your account, how do you prove that you are the rightful owner? Your profile has been emptied to the point that it is no longer yours, but that of an alleged influencer.
The platforms ask the victims of social media account hacking to provide evidence so that they can check it against the existing content on the profile. But since such content no longer exists, platforms like Instagram have a hard time verifying its veracity. Even though they should have systems in place to be able to recover deleted content.
If, in addition, the user uses the profile as their main work tool, as in the case of influencers, or as a business channel, as many freelancers and companies do, if the account recovery process is lengthy, their income and the viability of the business itself may be compromised.
5. Hacking social network accounts can be used for more critical purposes
In the previous section, we discussed two prototypical targets of victims: influencers and users with few followers and, in many cases, teenagers. But what happens if the account of a professional with a certain rank in a company is hijacked? And what if the victim is a public official? Hacking accounts on social networks can become a means to achieve more critical ends than extorting content creators and obtaining information to carry out economic fraud.
Tarlogic’s cyber-intelligence team warns that this type of attack could lead to the attackers gaining access to certain infrastructures or facilitating the implementation of large-scale frauds.
Most users are not fully aware of the wealth of information contained in their social network accounts. In private messages on their LinkedIn account, a professional may have confidential data about their company that they have discussed with someone else. Meanwhile, in Instagram messages, a person may have sensitive information about himself or those closest to him. Or even private audiovisual and photographic material.
Hacking accounts on social networks can open up a very wide range of frauds that have a decisive impact on people’s lives and the companies they work for.
6. The personal and professional consequences of social network account hacking
The truth is that for millions of people, social networks serve a dual function. On the one hand, they are a means of entertainment, access to information of personal interest, content consumption, and communication with friends and people with common interests. On the other hand, they are a professional tool, used to promote the services they provide and to get in touch with other professionals and interesting players in their sector.
This means that the boundary between the personal and the professional is blurred on these platforms. And malicious actors take advantage of this situation.
For example, a criminal can hijack the Twitter account of a senior manager of a company and extort money from him, threatening to publish his private messages, some of them compromising, if he does not perform an action that involves providing access to the company’s systems.
In other cases, the attackers do not target any company, but the victim is also the exclusive target of the attack. This type of fraud ranges from simple extortion, for example, demanding payment of a sum of cryptocurrencies in exchange for not disclosing intimate images (sextortion). To more complex attacks, in which the information obtained in the profile is used to carry out social engineering campaigns.
But attackers do not use the hacking of social network accounts to threaten their owners or attack the businesses they work for. Rather, the hijacking of a profile can have repercussions for their circle of trust. Our social networks store a wealth of information about ourselves, the people around us, and the companies we work for.
The possibilities for fraud are endless. The hacking of social network accounts can end up triggering very serious economic, legal, reputational, and personal consequences.
7. How is social media account hacking carried out?
To fight against the hacking of accounts on social networks and avoid the effects it can trigger, it is essential to focus on the tactics and causes that facilitate the success of these attacks.
7.1. Use of phishing
Social engineering is a constant throughout the process. Many hijackings and impersonations are used to launch phishing attacks, but, in addition, hacking of social network accounts is often carried out through this type of attack. Especially in the case of influencers.
Sometimes, attackers pose as Instagram or Twitter and send an email to the victims tempting them the cataloging of their profiles as verified accounts. They create a seemingly real website where influencers have to enter their account credentials, making it easier for criminals to hijack their accounts.
Another common method is to send content creators fake offers from companies that want to establish a business relationship with them. These companies ask the micro-influencer to fill out a form with their account information. In both cases, the malicious actors get hold of the data needed to hack the accounts.
7.2. Fishing in international waters and targeting vulnerable users
As noted above, in many cases of profile hijacking, the attackers come from a different country than the victims. The aim of internationalizing the fraud is to make the account recovery process and the investigation more difficult.
Along the same lines, targeting vulnerable users with limited capacity to act is also part of a deliberate strategy to extend the hijacking as long as possible.
No doubt hacking the social network account of a relevant person, such as a high-level professional, can allow criminals to develop more complex and lucrative frauds, from demanding large ransoms to gaining access to high-value information or critical infrastructures. However, such profiles have more tools and resources at their disposal to defend themselves, speed up account recovery and investigate the incident.
7.3. Attacking the chain of human relationships
One of the central issues in cybersecurity today is the protection of a company’s supply chain. Even if a company implements security programs to protect its critical assets, if any of its suppliers fail to secure their infrastructures, malicious actors can use them as a means of attacking the company.
In the realm of human relationships, something similar occurs. Attackers can launch a fraudulent campaign against a target by first attacking people in their circle of trust.
Thus, criminals use small profiles to target large or particularly valuable accounts. For example, hijacking the account of a close friend of a person in a position of responsibility can be the perfect Trojan horse to attack them.
We often get messages on our Instagram or Twitter profiles from people we don’t know and therefore we avoid opening them. However, if a user we trust sends us a message, we have no reason not to trust them. This message can lead us to phishing campaigns or facilitate the deployment of malware on our devices.
The chain of human relationships is an entry vector to users who are more protected or aware of security risks. Or put another way, it is a means to reach a primary actor by attacking a secondary actor.
An individual can limit as much as possible the actions he takes on the platforms, build a community composed only of users he fully trusts and implement measures such as double authentication to log in to his account. And yet, despite all this, he can still be vulnerable if attackers manage to hijack one of the people who make up his community.
7.4. Social engineering + Malware: The increasing bundling of attacks
The increase in the hacking of social network accounts is not only due to increased requirements and control measures in the registration of new accounts but also to the growing bundling of attacks.
Today, multiple types of malware are being marketed on the dark web to steal victims’ browser cookies and passwords to hack into social media accounts.
This bundling of malware and ransomware means that it is not necessary to have great technical knowledge to design and execute these attacks. This democratizes cybercrime. In such a way that a person, without being an expert in the field, can buy a pack in forums on the dark web or in messaging applications such as Telegram, set it up, and start a fraud.
The spread of sources from which to find information or buy an attack pack and the combination of malware and social engineering techniques have increased the number of attackers and attacks. And thus the risks faced by users of social networks.
7.5. Users and businesses are not aware of the importance of social network security
Combating this type of attack is more complex if you have not previously implemented security measures to protect access to and management of your profile. It is also important that our habits and practices on social networks take into account the risks associated with their use.
As the saying goes, «we only remember Santa Barbara when it rains». There is no point in regretting later for not having opted for actions such as the double authentication factor.
All users of social networks should be aware of the existing security risks and the consequences of such an incident.
8. From a teenager to a manager: Everyone can be a victim of social network account hacking.
Throughout the article, we have been pointing out some key targets of malicious actors: influencers, executives of financial institutions and their trusted people, and teenagers with small communities… The enormous diversity of profiles indicates a point that we cannot ignore: we can all be targeted by attackers.
Many people and companies believe that because they are not public figures or extremely visible companies, they do not run the risk of any actor impersonating them or hijacking any of their profiles on networks. This is a big mistake. Experience shows that no one is safe. Malicious users can breach the profiles of any citizen and use them to unleash multiple frauds: from extortion to taking control of bank accounts.
8.1. Platforms accumulate a lot of information about our lives
As we said before, social awareness of security on social networks is still far from adequate. These platforms hold an enormous amount of data on individuals and organizations. Even an express hijacking lasting just a few hours can have extremely serious repercussions for the user, the company he or she works for, and the people around him or her.
In recent years, much has been written about the reign of appearances on social networks. About the fact that in them we publicly show the friendliest side of our existence. However, the hacking of social network accounts works as if someone were opening a gateway to our lives, to who we are, what we think, and what we know. Our accounts contain key data that, if they fall into the wrong hands, can leave us exposed to fraud. And it doesen’t matter if you are not an influencer. Ordinary citizens and small businesses can also be victims of these attacks and suffer the consequences.
9. Platforms must take steps to secure legitimate accounts
Beyond the necessary awareness of citizens and the business community, user protection undoubtedly involves securing accounts.
Platforms must design and implement countermeasures to fortify access and management of profiles and establish barriers to make hacking of social network accounts more difficult.
The efforts made in the field of profile registration to validate and legitimize the identity of the initial user are important and have helped platforms to detect anomalies in registration, as well as automation when accessing accounts and blocking malicious actors.
But these actions, aimed at eliminating fake accounts, must be accompanied by a comprehensive strategy to increase account fortification and protect existing legitimate users. Otherwise, social networks will become an extraordinarily complicated terrain for individuals and companies and criminal activity will shift, as can already be detected, toward higher-impact frauds.
10. Cyber-intelligence services to protect accounts and facilitate account recovery
Increased account security by platforms and user awareness is essential to curb the proliferation of account hacking on social networks.
Beyond these issues, cyber-intelligence teams are key players in protecting user accounts, facilitating their recovery in the event of a hijacking, and investigating the methods used by attackers in the event of an incident.
Tarlogic’s professionals have accumulated over the past few years an extensive background in the field of social network fraud, as well as in the study and implementation of measures to combat phishing and other social engineering techniques.
In a scenario in which attackers innovate day by day, perfecting their tactics and methodologies and devising ever more sophisticated attacks, cyber intelligence teams must constantly investigate to learn about the techniques on the rise and design effective countermeasures.
In short, hacking social network accounts is becoming an increasingly common attack method. The importance of social networks in our daily lives and the level and amount of information we store on them make them very interesting attack vectors for malicious actors to carry out fraud against all types of users and businesses.
The emergence of new strategies such as hijacking accounts to transform them into fake profiles attests to the criminals’ ability to adapt and innovate. Platforms and users must therefore be made aware of the importance of protecting social media accounts and the risks involved in not doing so.
This article is part of a series of articles about Digital Fraud
- Counter-Phishing: Anticipating the criminals
- Stolen accounts, IPTV apps and pirate platforms: how audiovisual fraud work
- Hacking of social network accounts and creation of fake profiles: No one is safe
- SIM swapping, when your phone, and your money, are out in the open