Data has become as equally profitable for hackers as money. They can use their ownership of the data to exploit the victim even further, lock them out of their own account, or even put up the data for sale on the dark web. After several instances of corporate Instagram account hijacking, the need for data privacy became even more underlined.
A simple but impactful sentence signifying how a casual approach won’t help with data privacy. However, the constant threat of a data privacy breach has moved out of giant corporations and creeped into every household. How? Due to kids today tapping away on social media accounts and making online purchases without hassles. Whether they understand the inherent responsibilities that comes with their ease of technology usage is a big question mark.
While organizations are taking active efforts and care to protect their websites and online applications from emerging threats, they seldom pay as much attention to their social media profiles. This has become glaringly obvious as cybersecurity researchers discover a phishing campaign targeting corporate Instagram accounts as well as accounts of influencers.
Threat actors are cinching their claws around the Instagram accounts which get a lot of attention. The anxiety this induces is two-fold. One, the social media world feels agitated when they can’t spend time scrolling their feed and checking how well they’re doing. Two, because they have such a wide reach, questionable activity by hackers will be noticed by a larger audience, thus ruining their reputation.
This puts them in a position to pay any money demanded and be done with it, rather than face the torment. Hackers use this knowledge to extract money out of their ransomware victims in return for ceding control to the accounts.
Details of the Instagram Account Hijacking Activity
The instagam account hijacking campaign works as follows: the victim gets a direct message on Instagram that contains a warning about copyright infringement. The message comes with a link. Clicking the link takes the victim to a notice about possible shutdown of the account. Now they can click the appeal button in order refute the allegations. But they first have to enter their password. This means game over!
Some steps to take for better data privacy
While third-party security tools have no effect in this scenario, the only thing that can protect you is proper awareness and knowledge. Staying updated on recent cybersecurity news is a must, for businesses as well as individuals. Our guide on phishing prevention will bring you closer to that objective.
Also, if you analyse the case closely, you will realize that the Instagram account hijacking cases would’ve been avoided if only the victims would’ve turned on Two-Factor Authentication. That way, even if they’d given up their password, nobody would’ve been able to login without the OTP that delivers on the victims’ mobile device.
Let this be a lesson in data privacy and security awareness and handle your web presence with caution.