Social media impersonation attacks are on the rise and this time these have been reported with great concern by the security community and progressive organizing world. The target seems to be extracting the phone numbers of people who have admin access to the big organization social media accounts.
The phone numbers can make the attackers become successful in SIM swap/ SIM-jacking attack, which would actually lead them to break into social media accounts that are being protected by SMS Two Factor Authentication (2FA) method.
To give you a better overview of how it is happening, let’s look at the impersonation of Ann Lewis Instagram account - @annlewis. The impersonator account is extremely close with a difference of just one character @annleewis. However, that seems to be just the beginning.
The impersonator opted for great attention to detail as one can see the most recent pictures of @annlewis being posted on that impersonator account. The attacker even went through the list of people the original account was following and got same followers in return, especially the ones who had forgotten that they were already following the real @annlewis.
After this, the impersonator account went one step further and requested for personal information like cell phone numbers from the mutual followers both the account had now. Some attempts turned out to be successful, while others who figured out the suspicious activity by chance reported the impersonators account, upon which it was taken down.
This was just one of the instances and many such impersonator accounts are being made and are publicly available on Instagram, Facebook, Twitter, LinkedIn and dating platforms.
In case you have just turned into a victim of such an attack and your phone number is already with them, then it’s time to update your social media 2FA backup methods.
You can also check the recent activity on your social media accounts as some attackers post malicious content from your account, while others observe your behavior and interactions quietly. In either case, they leave digital traces behind.
For example, if you think there is something wrong with your twitter account, then you can check “Places you’ve been.” All you have to do is go to https://twitter.com/settings/your_twitter_data/account_history and select “Places You’ve Been.” If you see a suspicious location here, then you need to remove it and play safe.
To get rid of the activities, take a screenshot of authorized apps and sessions, keep changing your password, along with limiting the access to all Apps and Sessions listed in https://twitter.com/settings/applications. You can edit the access as per your requirements but for that you will also have to keep a record of authorized apps and sessions to identify any unusual location or device.
Photo: Freepik / Winyoo
Read next: Microsoft Catches The Spear Phishing Attacks On Time, Shares Important Tips On How To Avoid Them
The phone numbers can make the attackers become successful in SIM swap/ SIM-jacking attack, which would actually lead them to break into social media accounts that are being protected by SMS Two Factor Authentication (2FA) method.
To give you a better overview of how it is happening, let’s look at the impersonation of Ann Lewis Instagram account - @annlewis. The impersonator account is extremely close with a difference of just one character @annleewis. However, that seems to be just the beginning.
The impersonator opted for great attention to detail as one can see the most recent pictures of @annlewis being posted on that impersonator account. The attacker even went through the list of people the original account was following and got same followers in return, especially the ones who had forgotten that they were already following the real @annlewis.
- Also read: 80 Percent of Online Retailer Sites Are Fake
After this, the impersonator account went one step further and requested for personal information like cell phone numbers from the mutual followers both the account had now. Some attempts turned out to be successful, while others who figured out the suspicious activity by chance reported the impersonators account, upon which it was taken down.
This was just one of the instances and many such impersonator accounts are being made and are publicly available on Instagram, Facebook, Twitter, LinkedIn and dating platforms.
How To Protect Yourself
First thing first, the best way to tackle an impersonator account is to get it reported to the platform with legitimate accounts. Or if we go one step back then verify the identity of accounts before connecting. If you know that you’re already connected to an account with the similar name, then reach out to the person first. Having same mutual or similar information doesn’t guarantee authenticity.In case you have just turned into a victim of such an attack and your phone number is already with them, then it’s time to update your social media 2FA backup methods.
You can also check the recent activity on your social media accounts as some attackers post malicious content from your account, while others observe your behavior and interactions quietly. In either case, they leave digital traces behind.
For example, if you think there is something wrong with your twitter account, then you can check “Places you’ve been.” All you have to do is go to https://twitter.com/settings/your_twitter_data/account_history and select “Places You’ve Been.” If you see a suspicious location here, then you need to remove it and play safe.
To get rid of the activities, take a screenshot of authorized apps and sessions, keep changing your password, along with limiting the access to all Apps and Sessions listed in https://twitter.com/settings/applications. You can edit the access as per your requirements but for that you will also have to keep a record of authorized apps and sessions to identify any unusual location or device.
Photo: Freepik / Winyoo
Read next: Microsoft Catches The Spear Phishing Attacks On Time, Shares Important Tips On How To Avoid Them
