Whilst social media offers great connectivity to keep in touch with family, friends, keep updated on recent news and marketing opportunities, it is important to know how to manage your privacy and security settings.
Incorrect use of social media can introduce a number of risks, as online criminals are devising new and more sophisticated methods to exploit vulnerabilities. 13,288 reports of social media hacking were identified between April 2022 and July 2023, accounting for 39% of all cyber-crime reported within this period. This makes social media hacking the most common cyber-dependant crime reported to Action Fraud with 85% of reports occurring within Meta’s Facebook, Instagram, and WhatsApp. This is indicative that criminals are deliberately targeting social media to perform their attacks, but they have changed their methods from just promoting cryptocurrency investment fraud, to “Selling” tickets, cars, pets, and event rental properties, none of which are delivered and those that have purchased the items are defrauded. These monetisation methods are highly likely to become increasingly prevalent as they are more reliable than cryptocurrency investments.
For example, fake tickets for a Taylor Swift concert have a much larger target base than adverts for a crypto asset; a car is a more marketable and trusted asset than a Bitcoin. These trends are reflected in fraud reporting, with victims who have been defrauded by a suspect Facebook account that is in fact another victims compromised account.
This change of monetization method is emblematic of how social media hacking reporting has evolved. Offenders make changes to the hooks they use, and the specific kinds of fraud they commit once the account is compromised. However, the fundamental process of account compromise leading to fraud and/or blackmail remains unchanged.
Emerging Cyber trends:
- Action Fraud continue to see a high number of social media compromises where each compromise comes from a friend’s compromised account.
- There has been a rise in ticket sale scams (specifically for Taylor Swift), with compromised accounts advertising and requesting payment via Monzo & Revolut.
- There has been a rise in compromise via second-hand sales app ‘Vinted’. Each person affected is unsure at how the threat has penetrated their account.
How can you keep your accounts safe?
- 2-step verification (2SV): provides a way of ‘double checking’ that you are the person you are claiming to be when logging in to your social media platforms, banking, or email account. If an online criminal knows your password, they will come across a barrier on any accounts that are protected using 2SV. You can find guidance here on how to set up 2SV across the main social media platforms.
- Understanding your digital footprint: this is a term used to describe the information you post online, including photos, location information and status updates. Online criminals can use this information to make phishing emails more realistic and convincing, you should think about what you post and who may have access to it, including knowing who your friends and followers are. This guide is aimed at businesses and contains lots of useful materials to help understand the impact of your digital footprint.
For further guidance on protecting you and your business please contact: [email protected]
To stay up to date with the ever-changing digital landscape and security threats, sign up for our free core membership
The NEBRC is a Police led non-profit organisation that seeks to educate, inform, and support businesses across the UK on how to protect their business online through good cyber security practices.