Intelligent CIO Europe Issue 65 | Page 39


‘‘ business

On several occasions , consumers have stopped using a platform when their account is hacked .

‘ I

don ’ t give a damn about my reputation .’ These were the opening lines on the song Bad Reputation by Joan Jett and the Blackhearts , a rock group that made classical hits long before the arrival of the modern Internet age .
Joan and the Blackhearts made music at a time when counterculture was subversive , cool and edgy . Today , counterculture is mainstream and online reputation is prominent . Digital personas can be deliberately curated , highly visible and tightly managed as we ’ re seemingly wedded to the devices in our pockets . The results can be devastating when bad actors take advantage , accounts get compromised and credential stuffing occurs .
Panic , embarrassment and shame are the real feelings resulting from things that happen in our digital world . This is specifically true in the case of social media account takeovers which has been named ‘ Account Takeover Epidemic ’ by the Identity Theft Resource Centre ( ITRC ).
ITRC – which in 2021 had over 15,000 identity crime victims contact them for support services – said there was a 1044 % increase in social media account takeovers from 2020 to 2021 . As a follow up , the organisation conducted a survey of social media account takeover victims and found that 66 % were experiencing strong emotional reactions to losing control of their social media account , 92 % felt violated , 83 % were worried and anxious , 78 % felt angry , 77 % felt vulnerable and 7 % felt suicidal . These are important statistics to consider within the cybersecurity space .
While it may be easy for some to view social media identity theft as a mere inconvenience , these figures illustrate how closely tied one ’ s online reputation is to their emotional well-being .
Two of my friends , Trevor and Stacey , had their social media accounts hacked by a credential stuffing attack in July 2022 and none of them had 2-Factor Authentication set up . They were both professionals active on social media with one of them being a crypto enthusiast .
On their Instagram stories , the bad actors posted a message about getting involved in a Bitcoin mining scheme . It was a screenshot of an iPhone lock screen which included a picture from their profile . In Trevor ’ s case , it was a picture with his wife displaying a bogus text message from Bank of America , followed by a screenshot from his supposed bank account .
While it doesn ’ t take a cybersecurity expert to recognise this was a scam , it could nonetheless prove to be an effective phishing tactic since it is coming from the trusted source ’ s actual account within a social ecosystem not known for abuse .
Curious about the sophistication of these attackers – and because I ’ ll never pass up an opportunity to speak directly to our black-hatted counterparts – I responded to the story to see how effective their messaging was .
But it was an awful ordeal for both friends . Trevor finally used Instagram ’ s facial recognition verification process to scan his face and compare it against their endless library of tagged photos . He was able to regain access within 27 hours and set up his 2-Factor Authentication .
Stacey , on the other hand , quit social media . The ordeal was too much of an embarrassment and created so much anxiety for her that she decided the whole persona in a digital realm was not for her .
But this is not unusual . On several occasions , consumers have stopped using a platform when their account is hacked . Panic , embarrassment and shame are not the sort of feelings we want customers and end-users to have when they rely on our products . And
www . intelligentcio . com INTELLIGENTCIO EUROPE 39