Intelligent CISO Issue 61 | Page 79

While it doesn’t take a cybersecurity expert to recognise this was a scam, it could nonetheless prove to be an effective phishing tactic since it is coming from the trusted source’s actual account within a social ecosystem not known for abuse.
Curious about the sophistication of these attackers – and because I’ll never pass up an opportunity to speak directly to our black-hatted counterparts – I responded to the story to see how effective their messaging was.
But it was an awful ordeal for both friends. Trevor finally used Instagram’s facial recognition verification process to scan his face and compare it against their endless library of tagged photos. He was able to regain access within 27 hours and set up his 2-Factor Authentication.
Stacey, on the other hand, quit social media. The ordeal was too much of an embarrassment and created so much anxiety for her that she decided the whole persona in a digital realm was not for her.
But this is not unusual. On several occasions, consumers have stopped using a platform when their account is hacked. Panic, embarrassment and shame are not the sort of feelings we want customers and end-users to have when they rely on our products. And while this example may be specific to social media, the sentiment is something we can all share.
Whether it’s social media, FinTech, e-commerce or any other organisation with an exploitable user base, credential stuffing is a cat-and-mouse game that is here to stay – and with eyebrow-raising impact.
Javelin Strategy and Research in its 2021 Identity Fraud Study reported that account takeover (ATO) fraud resulted in over US$6 billion in total losses in 2020. When companies create new defences, hackers develop tools to bypass these safeguards and the cycle continues.