Over the past few months, hundreds of South Africa’s approximately 6.19 million registered Facebook users have become the victims of cloning. This practice, which is also known as deep mining, is when cybercriminals lift a user’s name and profile picture from their existing account to create a duplicate Facebook profile from which they then send messages to the victim’s friends asking them for money.
“This is such a popular scam since it is low-tech and easy. Hackers either obtain your password illegally when you click on external links, apps or games; or they simply copy and paste all your public information. Alternatively, depending on your privacy settings, they can send you a friend request. Once you accept, they start copying all your information and pictures to create an exact replica of your profile,” explains Lutz Blaeser, Managing Director of Intact Security, a distributor of several security software solutions – including the full range of Avira anti-virus products – in South Africa.
Blaeser says the purpose of this is to steal money. “It is reminiscent of that e-mail scam that went around a few years ago, but instead of using e-mail, the Facebook fraudsters now use the social networking site to send out private messages to the people on your friends’ list claiming that you are in some sort of trouble and need them to send you money. Those good Samaritans who fall for the story end up paying the money straight into the scammer’s account.”
He warns that it can also lead to identity theft and spam being sent from your account. Such hacks and cloning are more than just an annoyance to the victims. In some instances, it can cause major embarrassment and destroy personal and professional reputations too. And it is not only Facebook users who should be on the look-out. Hackers are wreaking major havoc on other social media platforms as well.
In April, the Associated Press (AP) news agency fell victim to hackers who sent out a breaking news tweet to the agency’s almost two million followers claiming that there had been two explosions in the White House and that U.S. President Barack Obama had been injured. The damage was far-reaching. Within minutes, the untruth had been retweeted thousands of times, the stock markets dropped by $136 billion in value and the Dow Jones Industrial Average fell almost 150 points before AP confirmed that the tweet had been the handiwork of hackers.
“Although AP is not the only high profile corporate Twitter account that has been hacked, they experienced more damage than some of the other victims,” Blaeser says. “First of all, their credibility and reputation were harmed – even though the false tweet wasn’t the handiwork of an AP staffer. Secondly, Twitter suspended their account for around 24 hours to prevent the hackers from posting again. Although understandable, the closure caused the news agency to lose many of their followers as well as many potential clicks to their website, since they normally use Twitter to link to their news articles.”
Blaeser advises that the time between when a breach occurs on any of your social media accounts and when it is discovered and caught is crucial to minimising the damage. “Knowing when your account has been hacked isn’t as obvious as one might think, especially not in the instance of a corporate account, where more than one person might be posting to the feed,” he says. “So it’s not just a matter of seeing content that wasn’t posted by you. You’ll first have to check with everyone who has permission to update the feed if they had posted the update.”
Other signs that you’ve been hacked have recently been listed by the Avira blog, and include noticing that someone has logged in from a different location. “Most social media services have this feature built-in nowadays. If you normally log in from South Africa and someone tries to gain access to your social media platform from, say, China, you might be asked to verify that it’s you,” Blaeser says.
According to the Avira tech blog, other warning signs are an app starting to post on your behalf, being unable to log in to your account anymore, and suddenly befriending and following a lot of new people you don’t know.
Blaeser says that there are steps that social media users can take to protect their accounts from being hacked into. “Enable two-step authentication wherever possible, never use the same password for different accounts, and install and use a good anti-virus software on all devices from which you access your social media accounts,” he concludes.
* This report was prepared by Intact Software Distribution