London24NEWS

Surge in social media hacking: Here’s why it is best to activate two-factor authentication NOW

Social media and email hacking reports surged 57 per cent last year, Action Fraud revealed today. 

That’s a huge rise but it’s likely to be even greater, as social media hacking is under-reported.

One of the most important moves you can make now is to switch on two-factor authentication for online accounts, as we explain. 

And while reporting it to Action Fraud might not necessarily help your predicament, the recent experience of a This is Money journalist below highlights why it is worth contacting them. 

The column below was first featured in the This is Money newsletter last Thursday.

Social shock: Action Fraud says there has been a sharp uptick in reports of social media hacking, which will include Meta-owned Facebook and Instagram


A This is Money journalist writes: Defence is the buzzword of the moment when it comes to investing thanks to geopolitical tensions – but it should also be a buzzword when it comes to your own personal online safety.

How much of an online presence do you have? As in, social media accounts, shopping accounts, emails and so on?

The answer is likely to be… quite a lot. Now, how many of those accounts do you have two-factor authentication set up on? And when was the last time you changed your password?

I’m going to hazard a guess that you’ve become lethargic about it… and I don’t blame you.

Unless something bad happens to jolt you into action, it’s easy to keep details the same for fear of being locked out or because you don’t think you’re a target.

But you are, whether you have 200,000 followers on social media, or 200.

Last month, a family member I was out with for a walk in the park received a few messages from friends. 

‘Either your Instagram has been hacked or you’ve become a bitcoin peddler,’ was the general tone.

Panicked, she checked, and sure enough, a scammer had gotten into her Instagram, changed all her details and was posting about ‘big bitcoin’ gains.

Then came WhatsApp messages from various unknown numbers asking if she wanted her Instagram account back.

That’s when I sprang into action. I told her to ignore the WhatsApp messages, as they were likely to be a blackmail attempt to panic her into urgently sending money, and to change all passwords on other sites; then we would try to get back into her Instagram.

It turns out the hacker also tried to get into Facebook (also Meta-owned, alongside Instagram and WhatsApp) but that attempt was fortunately blocked.

Why the Instagram one at the same time wasn’t blocked is a mystery. 

We managed for a moment to log into her Instagram to try and take back control, but the hacker beat us to it and finally completely locked us out.

In recent weeks, I’ve noticed an uptick in people I know being hacked. 

An ex-colleague on her Instagram account, and another ex-colleague on LinkedIn.

So, what do you do next? Well, I found it is almost impossible to report it to Meta – an experience my ex-colleague confirms was the same for her – with no way of getting the account back.

Furious, I went down a route unopen to many – I dug out an old press office contact. 

After a few days, the account was secured, the victim undertaking a relatively painless video selfie to get back in.

Why couldn’t this simply be an option for those who have been hacked and something easily found on its app?

I also urged her to report it to Action Fraud, not because I think it can do anything (it’s a pretty toothless organisation) but more I wanted this hack put on record in order to paint a picture of how easy this is to do on Meta-owned platforms.

She did that, and while the Action Fraud call centre was friendly it essentially said there was nothing it could really do – that was expected, but I just wanted it logged.

But blow me down, a week after the hack, a police officer from her local area called (I made sure she verified it was the police, which is the way I treat all phone calls… with cynicism) and the officer was genuinely pleased it was reported to Action Fraud.

The victim passed over all the information we had saved – a screenshot photograph of the hacker who had posted it on her Instagram; the IP address blocked by Facebook; the email address used by the hacker; the numbers from WhatsApp.

‘I’m sorry, but you won’t get your account back,’ said the officer.

‘I already have,’ said the victim.

‘How?’

And let’s just say the police officer was not happy to be told the account could be retrieved because of pressure on a press office. Why not for everyone else?

If you fall victim to a hacker this way, please report it to Action Fraud. The vast majority won’t, and it lets huge organisations – who have so much power over us – get away with it. It’ll be vastly underreported.


I believe a fightback begins with harnessing data, to show just how big a problem these hacks have become.

Second, if you are reading this and haven’t done a password audit for a long time… and haven’t got two-factor authentication set up, go do it.

It is painless and although I wasn’t hacked, it’s prompted me to turn on 2FA on Amazon, Facebook, Instagram, Hotmail, LinkedIn and Twitter, along with much better password protection.

It makes it harder for a hacker to get in and it’s way easier than trying to revive hacked accounts.

It would have made her experience far less likely to happen, because any changes to a password would need to be verified by email address or phone number.

Lastly, I put questions to Meta about just how an account can be so easily changed from an email address and phone number that has been associated with it for more than a decade – and just why is it so hard to report?

Scammers thrive on putting their victims under pressure – it’s vital in my eyes that a hack can be easily reported to the company in question.

I can easily see how people would reply to the WhatsApp messages and open themselves up to an even bigger world of pain.

While Meta sprang into action after my involvement and sorted the account, my questions have been left unanswered.

It did, earlier in the week, reveal new measures to help beat hackers which seem to be a step in the right direction.

Please take some time to strengthen your account log-ins, set up 2FA and save yourself the misery of trying to get back into stolen accounts.

Future you will be thankful and it’s well worth an hour of your time.