Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software

Source: Federal Bureau of Investigation (FBI) State Crime News

The FBI Atlanta Division is warning the public that verified social media accounts are being hijacked by cybercriminals to spread scams and malicious software. Cybercriminals are targeting established social media accounts with large followings. By taking over these accounts through targeted phishing or social engineering techniques, the cybercriminals broaden the reach of their fraudulent campaigns to vast numbers of followers. The campaigns become more effective because the followers trust the verified accounts.

Cybercriminals are taking advantage of these hijacked accounts to spread cryptocurrency scams. Cryptocurrency “giveaway” scams often include links to malicious websites that steal the victim’s wallet information. Cybercriminals are also using hijacked accounts to post links to free software downloads, which ultimately link to malware. This info-stealing malware takes the victim’s usernames, passwords, and cookies, enabling the cybercriminals to compromise other accounts.

For followers of social media, here are tips to protect yourself from scams and malware shared online:

  • Do not assume verified influencers or creators are always in full control of their posts. Pay attention to red flags such as a post seeming out of the ordinary or too good to be true.
  • Take extra caution when a post uses a sense of urgency to get you to click a link or visit a website for things like cryptocurrency giveaways or free software downloads.
  • If you are concerned about a website link, look up the website’s registration information by searching for its “WHOIS” data. Proceed with caution if the site was registered recently and from an overseas country such as Russia.
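
One way to apply the WHOIS tip above to saved lookup output, as an added example that is not part of the FBI release: it reads the creation date and registrant country and lists the caution signs the tip names. The sample record, the 90-day reading of "recently", the home-country default and the function names are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample of WHOIS output for a placeholder domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-GIVEAWAY.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2024-05-20T08:15:00Z
Registry Expiry Date: 2025-05-20T08:15:00Z
Registrant Country: RU
"""

# Field labels vary by registry; these are common variants, not a complete list.
CREATED = re.compile(r"^\s*(?:Creation Date|Created On|created|Registered on):\s*(\S+)", re.I | re.M)
COUNTRY = re.compile(r"^\s*Registrant Country:\s*([A-Za-z]{2})\s*$", re.I | re.M)

def parse_whois(text):
    """Return (creation datetime in UTC or None, registrant country code or None)."""
    created = None
    m = CREATED.search(text)
    if m:
        try:
            created = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
            if created.tzinfo is None:
                created = created.replace(tzinfo=timezone.utc)
        except ValueError:  # non-ISO date format: treat as unknown rather than guess
            created = None
    c = COUNTRY.search(text)
    return created, (c.group(1).upper() if c else None)

def review(text, now, home_country="US", recent_days=90):
    """List caution signs from the WHOIS tip; thresholds are assumptions."""
    created, country = parse_whois(text)
    flags = []
    if created is None:
        flags.append("creation date missing or unparseable")
    elif (now - created).days < recent_days:
        flags.append(f"registered {(now - created).days} days ago")
    if country is None:
        flags.append("registrant country not available")
    elif country != home_country:
        flags.append(f"registrant country {country} differs from {home_country}")
    return flags

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for a reproducible run
    for flag in review(SAMPLE_WHOIS, now):
        print("caution:", flag)
```

Many registries redact registrant fields, so a missing country is reported as unknown rather than treated as a match.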

For social media influencers or creators, here are tips to keep your accounts from being hijacked:

  • Use strong, unique passwords and enable multi-factor authentication (MFA).
  • Be skeptical of emails claiming to be from social media companies asking you to log in again with your account credentials. Apply this same skepticism when receiving emails about collaboration opportunities that ask you to click suspicious links.
  • Monitor the login activity and the devices connected to your account.

Anyone who is a victim of an account takeover or Internet scam should report it to the FBI Internet Crime Complaint Center (IC3) at www.ic3.gov.