Just imagine the situation. You pick up your cell phone and try to access your Instagram account. Instead of the usual screen you are used to, a login and password prompt appears. You enter the data and password and receive a warning that they are incorrect. Repeat it thinking you typed it wrong and nothing changes, your account is inaccessible to you, its owner. Then you realize that your profile is in someone else’s hands.
And that person starts sending messages saying that if you don’t pay a requested amount, they’ll start posting intimate photos and messages. After all, the attacker has access to your entire history of direct message exchanges. This is a moment of despair, which unfortunately has become commonplace in Brazil. There is a real epidemic of account theft on social networks.
The way these robberies happen is different. There is great creativity on the part of bandits who have become professional. Account theft today is not an activity carried out by isolated “hackers”. It’s an organized industry that makes a lot of money every day from the desperation of victims.
There are increasingly sophisticated methods for stealing accounts. A very common one is a link sent by direct message on social networks or through Whatsapp. By clicking on the link, the doors open for the crook to take over the account. You may wonder: but who clicks on these links? Are people not smart?
This is where the increasingly sophisticated social engineering of the theft industry comes in. The messages sent are increasingly believable. Many of them sent from other accounts stolen from friends of the victim. The forger reads the recent conversations and sends the link in context. This week I received a report of a stolen account where the link was sent to a group of friends who were planning to have dinner together. One of them had his account stolen and the faker sent the link in the group saying it was “the restaurant reservation link”. All participants clicked and lost their accounts.
Another worrying attack vector is related to teles. There are more and more reports of cell phone number thefts. In this case, the criminal seeks out the telephone company and, having all the victim’s data (easily found on the internet), manages to port the person’s chip to himself. Once this is done, he accesses virtually all of his accounts. After all, the cell phone number is the gateway to practically everything, including resetting passwords and logins.
This attack is worrisome because there is nothing the victim can do to protect themselves. The security flaw is exploited on the telecom side. The person wakes up and has all their accounts stolen and their cell phone chip deactivated. This desperate situation has unfortunately become commonplace in the country.
What to do? A joint effort by government, civil society, the private sector and the technical community is needed. Cybersecurity in Brazil has collapsed since all Brazilian and Brazilian data leaked on the internet. In this matter you are most of the time alone, with an organized and well-funded criminal industry lurking around you.
It’s over – steal accounts only through cell phone theft
Already – stealing social media accounts by sending links
It’s coming – more and more accounts stolen via victim chip transfer
I have over 8 years of experience in the news industry. I have worked for various news websites and have also written for a few news agencies. I mostly cover healthcare news, but I am also interested in other topics such as politics, business, and entertainment. In my free time, I enjoy writing fiction and spending time with my family and friends.
