We read about hacks of social media accounts all the time, but what’s the point of it? How can someone benefit from hacking a personal social media account, especially a non-celebrity, when there are so many other things to hack? Go steal from a bank or something, right?
This article is going to look at a few reasons why a social media account is hacked. The goal is for you to understand why you will want to better protect your account, regardless of whether or not you see yourself as ‘important.’
Social media hacks happen to everyone
Ok, before we get too far here, I want to show you for certain that everyone can have their social media account hacked. Here are a few examples from Twitter:
Another apology. Last Thursday night I apparently followed a few thousand people. I'm thrilled to contact you all, but I think I was hacked.
— john noble (@thejohnnoble) October 11, 2015
I was hacked. Thanks for bringing that back up! Love these disgusting tweets. https://t.co/ZpXqIkV0kT
— gay vault dweller (@sassychicanx) October 12, 2015
Drats, I was hacked. Sorry for the spam posts everyone. All good now.
— Mary Clark (@ClarkMaryP) October 12, 2015
Recognize anyone there? I doubt it. None of them are famous. They’re just regular folks using Twitter for fun or to stay in touch. Them being hacked isn’t as obvious as why these people are hacked:
Where is Hardison when I need him?!Thanks guys, my account was hacked but should be fine now–The diet posts were not mine.
— BETH RIESGRAF (@BethRiesgraf) October 17, 2015
Sorry for the late night spam everyone. My account was hacked. It's all sorted out now.
— Rep. Mark Pocan (@repmarkpocan) October 17, 2015
#Giveaway: Tell me what you would do with my account if YOU hacked it! Tag #HackToddy to enter giveaway. Details: http://t.co/FAw0IoHSN6
— Todd McFarlane (@Todd_McFarlane) September 24, 2015
That was a fairly well know actor, a U.S. Representative and my favorite comic book artist running a contest after he was hacked. You can see why someone would want to hack those more well known accounts.
But ordinary people being hacked, with followers that are mostly their friends, what’s the point?
Why social media accounts are hacked
For the LOLz
Why social media accounts are hacked varies. For famous accounts, one of the biggest reasons is not one you’d expect: For the LOLz. For fun.
Todd McFarlane, the comic book artist from above, is Canadian. When his account was hacked the person in control of his account tweeted out lyrics from fellow Canadian Drake.
There wasn’t much point to it. Little harm could be found besides the fact that Todd no longer followed fellow frequent collaborator Greg Capullo. As far as anyone can tell, it was for fun.
For forced shares
The second reason that social media accounts are hacked is to force shares. This happened to a friend of mine on Facebook recently.
He had shared and tagged many friends in a link to a website full of nude women. This friend of mine is gay. It didn’t take any special computer knowledge to know that he was hacked.
These types of hacks can be more harmful than you think. Let’s say that one of your friends isn’t a gay man and wants to see these naked women. This person clicks on the link and is sent to a website that’s devoid of naked ladies but full of trojan horses, phishing pages and all forms of malware.
It all starts from one click on a piece of content that seems enticing.
The image to the right is about 1/10th of all the messages he got rassing him when people saw the spam post. They had a laugh about it after, but it’s scary when someone takes control of your social media account!
For forced follows
The third reason that your social media account could be hacked is for forced follows of other accounts.
This can involve your account being hacked as part of a wider plan to hack accounts and get them to follow a specific account. This account that you’ve been forced to follow, that may have a fake brand name, will then be used to spread malware like in the example above.
Worst of all, you may never know that there’s any problem at all. One day you’ll see a post from someone in your Timeline or Newsfeed. It will look kinda sorta like a brand you actually follow, only it’s not.
The last reason someone will hack your social media is to steal information from you.
This can be your password itself so that they can steal it and use it to try and sign into accounts you have with banks and online retailers. This can be information about your place of work. This can be a crazy stalker trying to find out what your plans are for Friday night.
How you can protect yourself
To understand how to protect yourself, I’ll look at some common hacking methods used on social media accounts and explain a method of defense for each.
Brute force hacks
This is when a hacker gets hold of one piece of information, your email as an example, and then uses a tool to guess your password. This can be as simple as a password recovery tool altered for criminal purposes.
Protect yourself: You can protect your social media accounts from this by having complex passwords. Make sure they’re not common words. Mix upper and lower case and include at least 12 characters. I use 15 now. These are nearly impossible to crack via brute force hacks.
Man in the middle hacks
This is when hackers insert themselves between the conversation your computer is having with a server or other computer. This is most commonly done at public WiFi hotspots, but it can, in theory, be done anywhere. You may never know that one of these hacks has been carried out, as it can be impossible to detect it happening.
With the hacker inserting themselves between you and who you’re trying to talk to, simply encrypt your information. The easiest way to do this, and most flexible, is by choosing a well ranked and regarded VPN for your particular goals.
These tools will encrypt your traffic from your computer to the server or computer you’re speaking to. Anyone trying a man in the middle attack will get nothing but encrypted gibberish which they can not read or decode.
These are pages which look legitimate in some way but are actually only built to steal the information you freely give them. These messages are often found in your email but they can spread via social media, as well. The basic premise is that you have to enter your login details for a specific website, like your bank, for some ‘urgent’ reason.
Protect yourself: Your best bet for defending yourself against these types of hacks is to trust no one and nothing. Enter the URL of the business claiming it needs your information yourself to make sure it’s the right website. Contact the administration before you follow the message. Do not be gullible!
This is when you authorize a download onto your computer for something you think you want but you don’t want it at all. When it comes to hacking social media, this is usually a keylogger that records your keystrokes.
Protect yourself: Know where you’re downloading from! There are dozens of websites built just for this; they’re called ‘warez’ websites. Going to the source for your downloads should always be priority number one. Second, a good piece of antivirus software, with a strong firewall, will take care of 99% of the rest.
Social media isn’t all fun and games
So you mostly play that horrid Farmville on Facebook and chat with your mom now and again. While it might be nothing but fun and games for you, it can be serious business for a hacker who gets into your account and gets hold of the right information.
There are real world consequences that you can face if you don’t better secure your social media accounts now. Start with better passwords, add some encryption, and don’t be gullible!
For more information on how to safely navigate the world of social networking, please click here.
About the Author: Marcus Habert (@) is the online security writer and analyst for the Best VPN Provider Online Security and Privacy blog. Catch him there every Wednesday for the latest developments in the world of infosec. You can also join the team on Twitter for a constant stream of what’s happening in online security and hacks.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Title image courtesy of ShutterStock