By SI-CERT (Slovenian Computer Emergency Response Team)
In addition to creating content and posting updates every day, social media account managers have to deal with rude comments and a large number of messages in their inbox. This makes them more exposed to certain risks: in the blink of an eye they can fall for an online scam that damages the reputation of a company or brand and causes a financial loss at the same time.
This year, the Slovenian Computer Emergency Response Team SI-CERT has seen an increase in the number of phishing attacks targeting social media accounts. From the attackers' point of view, business accounts are more valuable than personal ones, because they give access to the linked advertising accounts and, through them, to the credit card details stored there.
In the first phase of this attack, Instagram and Facebook page managers receive a notification (either as a comment on a post or as a direct message) telling them that something is happening to their account and that they must act immediately by clicking on the attached link. The pretext is usually that a post violates community rules, that the manager has infringed copyright, or that the account has met certain conditions and is eligible for Verified Account status. It was the promise of a 'blue checkmark' that cost many Slovenian Instagram influencers their accounts. The link leads to a fake (phishing) site that asks the user to enter their username and password. Once entered, these credentials give the attacker full control over the business account and the advertising account linked to it, which is then used for credit card fraud.
Examples of fraudulent messages and of fake or phishing sites.
In the next step, the attackers change the password, locking the legitimate owner out, and often delete the existing content. They then use the linked advertising account to promote their own content, which is usually against the platform's guidelines: adverts for crypto investment scams, fake online shops, illegal substances and the like. This can lead to the advertising account being disabled and the business page deleted. Some attackers also blackmail their victims, offering to return access in exchange for a ransom. Unfortunately, even victims who pay usually do not get their access back, as the attackers simply demand higher amounts.
The following tips help you prevent this kind of abuse.
A strong password is not enough
A strong and unique password is not enough to protect your account. Business pages are managed through personal accounts, so if you manage business accounts with your personal account, activate two-factor authentication (2FA), which is available on almost all social media platforms, on that personal account as well. This should be the first rule of the security policy within your marketing and communications department.
Remember that Facebook, Instagram and other platforms never ask users to enter their login details via a link in a comment or message. If you want to check whether anything really is wrong with your account, open the app or type the platform's address into your browser yourself instead of following the link.
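The links in these messages rely on the reader glancing at the address and seeing a familiar name. The following is an added example (not SI-CERT's tooling) that shows how a link from a message should be checked: it looks only at the host the browser would actually connect to, so tricks such as instagram.com.verify-badge.example, instagram.com@evil.example and homoglyph (internationalized) domains are rejected. The list of platform domains and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for illustration: the domains you accept as the platforms' own.
PLATFORM_DOMAINS = ("facebook.com", "fb.com", "instagram.com", "meta.com")


def extract_host(link):
    """Return the lower-cased host the browser would connect to, or '' if none.

    urlsplit().hostname already strips userinfo and the port, which defeats
    https://instagram.com@evil.example/ (the browser goes to evil.example).
    Scheme-less links are common in direct messages, so https:// is assumed.
    """
    link = link.strip()
    if "://" not in link:
        link = "https://" + link
    host = urlsplit(link).hostname or ""
    return host.rstrip(".").lower()


def is_platform_host(host, platform_domains=PLATFORM_DOMAINS):
    """True only if host is a platform domain or a genuine subdomain of one.

    Checking the suffix with its leading dot ('.' + domain) rejects
    instagram.com.evil.example (a subdomain of evil.example) and
    notinstagram.com; a naive `'instagram.com' in host` test accepts both.
    """
    return any(host == d or host.endswith("." + d) for d in platform_domains)


def classify_link(link):
    """Classify a link from a comment or DM.

    Returns 'platform', 'suspicious-idn', 'suspicious-foreign',
    'suspicious-http' or 'unparseable'.
    """
    link = link.strip()
    if "://" not in link:
        link = "https://" + link
    parts = urlsplit(link)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unparseable"
    # Non-ASCII labels or punycode (xn--) labels: homoglyph domains such as
    # a Cyrillic 'i' in 'instagram' look identical to the real name on screen.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious-idn"
    if not is_platform_host(host):
        return "suspicious-foreign"
    if parts.scheme != "https":
        return "suspicious-http"
    return "platform"


# Constructed sample links of the kind seen in the phishing messages described above.
SAMPLE_LINKS = [
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com.verify-badge.example/login",
    "https://instagram.com@evil.example/login",
    "http://www.facebook.com/help",
    "https://\u0456nstagram.com/verify",   # Cyrillic 'і' instead of Latin 'i'
    "notinstagram.com/appeal",
    "fb.com/security",
]


def triage(links=SAMPLE_LINKS):
    """Return {link: classification} for a batch of links."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in triage().items():
        print(f"{verdict:20} {link}")
```

Even a link that passes this check should not be used to log in: the safe habit is to open the app or type the address yourself, and to treat any login page reached from a message as phishing.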
Roles and access
Control who has access to your business account and, more importantly, to the advertising account to which your credit card is linked. Companies often work with external contractors, so it is important to consistently remove the access of anyone who no longer manages the account (former employees, external partners). The more people who manage a profile, the higher the risk of abuse. Assign each user the role with the minimum access needed for their tasks, and review the list of users and roles regularly.
Access by other applications
Connected applications, such as social media schedulers, also pose a certain level of risk. Such a tool holds its own access to your business account, so if the password for the tool is stolen, the attacker can act on your business account through it and potentially harm your business financially through the advertising account. Protect these tools with 2FA as well, and periodically review the connected apps in the platform's settings and remove those you no longer use.
Back up your content
Attackers often delete all existing posts when an account is abused. Even if you manage to regain access, you may be left without the content you have been creating for years. It is therefore advisable to keep an archive of your posts and your entire profile (photos, video content, messages and conversations with users); both Facebook and Instagram offer a download of your profile data that can be used for this.
In case your password is stolen anyway
If abuse does occur, act immediately. Find the social network's official instructions for a compromised account and follow them. Unfortunately, our experience shows that it is extremely difficult to regain access to a compromised account: victims tend to get caught in a cycle of online forms, wait a very long time for a response from the support team, and when a response does arrive, it usually does not resolve the issue.
If you have an advertising account, also contact your bank immediately, block your credit card and file a chargeback request for the fraudulent advertising charges.
SI-CERT (Slovenian Computer Emergency Response Team) is the designated national computer security incident response team (CSIRT) and operates within the framework of the public institute ARNES (Academic and Research Network of Slovenia). In line with the tasks and responsibilities identified by the NIS Directive, it monitors incidents at a national level, provides early warning, alerts, announcements and dissemination of information to relevant stakeholders about risks and incidents, responds to incidents, and provides risk and incident analysis and situational awareness.
This year GÉANT again joins the European Cyber Security Month, with the campaign 'A Community of Cyber Heroes'. Read articles from cyber security experts within our community and download resources from our awareness package on dev.connect.geant.org/csm2022