International. A recent study reveals that Instagram users suffered the most from account takeover in 2021; In total, 84% of victims of social media account takeover reported that their Instagram accounts were hijacked by scammers, Atlas VPN revealed.
Instagram, which has over 1400 million monthly active users, is the fourth most popular social media channel in the world.
The data is based on the Identity Theft Resource Center's (ITRC) instant survey of people who reported being victims of social media account grabbing in 2021. The survey appears in the 2022 Consumer Impact Report.
A quarter (25%) of social media takeover victims also reported losing their Facebook accounts to malicious actors. Twitter was reported by only 3% of victims of social media account appropriation, followed by WhatsApp (1%) and LinkedIn (1%). A staggering 68% of victims have not regained access to their social media accounts.
Social media accounts are very valuable to cybercriminals as they contain a wealth of personal information, which can include the user's full name, email address, phone number, date of birth, physical address, photos, private messages, and more, and can be used to commit fraud.
A hijacked social media account can be used to take over even more accounts by posting fraudulent posts, sending malicious links to the victim's contact list, and asking their friends to reveal personal information or provide funds. In fact, 66% of victims said attackers continued to post on their profiles after hijacking the account, and 69% confirmed that attackers contacted their friends and contacts to scam them.
Malicious actors can also extort money from the account owner in exchange for recovering the stolen account. The request for money was reported by 22% of the victims.
Some social media accounts, such as Facebook, can be used to log into other online accounts, such as online banking, which may contain even more sensitive information.
In addition, cybercriminals can sell compromised social media accounts on the dark web. According to Whizcase data, a hacked Twitter account sells for $10 on the dark web, an Instagram account costs $12, a Facebook account is priced at $14, and WhatsApp is worth $18. In the meantime, you can buy a LinkedIn account for $45.
Top Ways to Steal Social Media Accounts
Malicious actors have many methods to trick victims and take away their valuable information, funds, or social media accounts.
Impersonating a "friend" is an effective scam tactic, as people let their guard down when communicating with people they know. According to the survey, nearly half (49%) of victims of social media account grabbing clicked on a link in a direct message from a friend before losing access to their social media accounts.
Cybercriminals also use "get rich quick" schemes to lure unsuspecting victims and steal their personal data and accounts. One-fifth (20%) of social media victims lost their accounts to cybercriminals responding to cryptocurrency and other investment scams.
In addition, more than a tenth (13%) of social media takeover victims provided personal information, including 2FA codes, PINs and one-time passwords, leading them to lose access to their social media accounts.
While most victims had their social media accounts hijacked after clicking on a link sent to them by a friend, 5% of victims got into the situation after clicking on a link provided by an unknown person, however, they were referred by a friend.
Spoofed websites and special offers are another combination that cybercriminals use to trick their victims. In total, cybercriminals confiscated their accounts from 3% of victims after submitting their login information and password to fake login pages. They were asked to log in to take advantage of an offer.
What to do if your social media account was hijacked
To prevent your social media accounts from being hacked, it is essential to create unique passwords for all your online accounts and use second-factor authentication.
Beware of messages that contain links or ask for your personal information, even if they appear to come from the person you know. You can always call that person or use other means of communication to confirm if they actually sent you that message.
You should also be wary of messages containing offers or investment schemes offered to you through social media.
But what if your social media account has already been hacked?
If you can still access your account:
* Scan your device for malware and remove any suspicious software if you discover it.
* Make sure to change your social media account password immediately before the hacker does. If you use the same password for other online accounts, update them as well.
* Set up second-factor authentication to add an extra layer of security to your account.
* Inspect your account for strange messages or posts you haven't posted and delete them to prevent cybercriminals from using your account to commit further fraud.
* Inform your friends that your account has been hacked in case scammers have contacted them on your behalf.
* Keep your software, such as your social media applications, up to date to minimize the chances of malicious actors exploiting software vulnerabilities if any exist.
* If your account contains sensitive information, watch for any signs of identity theft – check your bank statements for fees, withdrawals, or unexplained errors on your tax or social security return. You can also employ tools like Atlas VPN Data Breach Monitor, which scans publicly leaked databases for your credentials and alerts you if they've been exposed so you can act immediately.
* If you no longer have access to your social media account, most of the above tips still apply. However, in addition, you must report the appropriation of the account to the social media platform.
Instagram, Facebook, Twitter, and LinkedIn provide tips on what to do if your account has been hacked. If the social media platform where your account has been taken does not offer any guidance for such cases, please contact their support.
