Brunch

Social media hacking is real: Here’s the low-down: Sharks don’t just swim in the ocean

One of the bright sides of the pandemic is that we have all learnt to live online, and while the internet and the digital world is most certainly a boon in these times, it is also important to remember that it does have a dark side, and it can be easy to fall prey to unscrupulous people online who want to take advantage of us.

We are all (I hope) aware of the scams like the Nigerian prince who is reaching out to us randomly in desperation because, for some reason, he needs a small short-term loan from us (of all people) to access his otherwise inexhaustible wealth and will pay us handsomely for assisting him during his time of great need. 

But there is a far more sinister plot at play online these days, that of hacking social media accounts like Facebook and Instagram and holding them ransom or simply, well, making them unusable. For the everyday person, this may not seem like a big deal beyond the violation of knowing that your account was compromised, but for most of us, our social media accounts are integral parts of our lives, they’re how we stay in touch with people and stay up-to-date on news (yes, we know, getting news off Facebook and Instagram is highly suspect, but most people in fact, do this). For those of us who have significant social media followings and use our social media followings to make money, it’s even more important to keep our social media accounts safe. 

Cars aren’t the only things that can get hijacked 

Information on some of the latest Instagram account hacking methods has been making the rounds on social media, in a bid to build awareness and let people know what suspicious behaviour looks like before they fall prey to it themselves. To learn more about how social media accounts are hacked and how to be proactive, The Morning Brunch spoke to Sajeewa Dissanayake, an artist and digital media consultant with an unusual side qualification. Sajeewa is a Facebook certified trainer and community manager. Though he specialises in digital marketing, having had to work with a lot of people as a Facebook certified community manager and dealing with such situations pretty regularly, Sajeewa has become something of a fixer when it comes to recovering hacked social media accounts.

Sajeewa Dissanayake

Sajeewa first explained that his experience recovering accounts is simply practical experience, and his training as a Facebook certified company manager simply gave him more expertise and knowledge on how to quickly act to recover an account that has been hacked. In his words, his experience isn’t magical. “Having worked with a lot of people and having come across such situations, I have gained experience on how to recover things quickly when an account is hacked,” Sajeewa said, adding: “These are steps you can also follow on your own to recover your account but you have to be quick, and some people don’t have the knowledge and experience to do this quickly. My experience as a community manager allows me to help people follow the correct path because I have the practical experience to handle such things.”

Sajeewa did confirm that, to his knowledge, there has been an increase in the number of hijacked social media accounts, especially on Instagram, and these tend to be accounts with large followings (think hundreds of thousands of people). “The main reason for this hijacking is so they can get control of the accounts and resell them or use them for some other purpose.” Sajeewa mused, adding that the last year, in general, has seen an upward trend in account hijackings, something which he puts down to the fact that the last two years have seen Sri Lankans get so much more attuned to being digital so now hackers are targeting Sri Lankan digital platforms more than before. The most vulnerable people to these hackers are influencers and other Instagram accounts or pages with large followings, who are tricked into giving hackers access to their accounts mainly through conversations that centre around paid sponsorships or advertisements.

Being wary

Giving us a little more insight into the most popular hacking methods being currently employed, Sajeewa explained that these account hijackings take place mainly through phishing attacks when hackers pose as a trusted entity and trick a victim into opening an email, instant message, or text message. 

Another popular method hackers use is making victims fear that their accounts might be at risk and tricking them into revealing things like passwords and other security information in the guise of protecting their accounts. For example, by seeing a message on Facebook that says their account has been suspended for violating community guidelines and in order to save their account they need to follow some specific steps like logging into their account through a link given which leads to a fake website that captures their information for the hackers. 

Another method hackers often employ is contacting public figures and influencers with the option of verifying their profiles (giving them the blue tick that makes their profile an official one) and tricking them into revealing their security information as part of the verification process.

The most popular method hackers use to hijack accounts with large followings, Sajeewa shared, is through posing as a company offering the user paid ads or partnerships and in order to finalise such a partnership the user has to give the company limited access to their account for business purposes. The user then finds themselves locked out of their account.

Protecting yourself

One of the biggest keys to protecting yourself from being hacked is being prudent. If a company contacts you, look at things like what they’re asking you to do; does the email address they’re using or the website they’re linking to sound appropriate? If it sounds off, chances are, it is. If someone, even a trusted friend messages you asking you to send them a code or for you to press a button, think about if this is something your friend would normally do. Call them and double-check if you’re in doubt. It’s very possible your friend has been hacked and the hacker is using their account to gain access to yours.

Also, make sure to use different passwords for your various accounts. Often one of the first things hackers do when they get a password is check if that password works on your email and other social media.

Some other more tangibly strategic options Sajeewa shared with us were activating two-step authentication for all your accounts. Yes, it may be annoying but it could make all the difference when someone tries to hack you.

Another tip Sajeeewa shared is that Facebook and Instagram give you the chance to strengthen your security by obtaining backup codes and adding trusted friends who can receive these codes for you. He encouraged people to make use of such measures.

Bringing it all together

If there’s one thing the 2020s has taught us it is that prevention is always better than cure. It is much, much easier to protect your account from being hacked than it is to recover your account from being hacked, especially if it is your Instagram, as one of the things Sajeewa revealed to us is that for many reasons, technical and otherwise,  Instagram accounts are a lot less likely to be recovered than Facebook accounts. 

Being responsible online is more than being careful about what you believe and what you post. It’s also about protecting your online assets, and yes, your social media account is now an asset.