Read for 8 min
The opinions expressed by the entrepreneur's contributors are their own.
This morning I spoke to a friend I met 10 months ago in Chicago at the first Next Global Impactor event. The event was a competition for impact-oriented people from all over the world. I was a team coach and speaker. Hunter won first place for her nonprofit, Chemo Buddies For Life, a cancer support group that supports patients with a variety of cancers. The organization supports patients and those who care for them during treatment and beyond.
Hunter is a resident of the greater LA area in California and a cancer survivor. She is also a survivor of the abuse after escaping a bitterly unhappy marriage to her four adult children 19 years ago. Now married again, she radiates a feminine energy. But it's also a force to be reckoned with, which the hacking team, which took over nine of their social media accounts this week, learned the hard way
"It was like a scene from & # 39; WarGames & # 39;" she said when we laughed at the worst moment when she was fighting a hacker in real time to change the password on one of her three Facebook accounts faster when the hacker could go on it could change it back.
But what she had treated in the 24 hours before our visit was not a laughing matter. Social media hacking could happen to all of us and may have already done so – a University of Phoenix Harris survey says that two out of three adult respondents with social media accounts report knowledge of how their accounts are hacked. In fact, the Harris survey At the time of the survey (in 2016), more than 70 percent of the hacks were passed on manually by inadvertently sharing and relaying posts with malware attached to them from social media users.
Most of us have already been victims. The proliferation of #WFH makes us even more vulnerable because many remote workers who were quickly evicted during the health crisis are not adequately protected by a wireless home network when protection against firewalls in the workplace is gone.
Hunter is particularly vulnerable. Thanks to her participation in the Next Impactor competition, which was largely decided by donations and votes, she has a large fan base on her primary social media platforms Facebook, Instagram and LinkedIn. All three were hacked. Even worse, she maintains not just one, but three separate accounts that she personally represents on each platform, as well as two nonprofits and initiatives she manages.
These are nine accounts that hackers used to steal their identity and information to collect money from the many people who trust them.
Related: Your identity could be used in online dating scams. Find out how to …
How did she stop her?
Hunter's first clue came around “zero dark thirty” on June 24, 2020, when a key member of her team called to alert them of a LinkedIn message they had received that was clearly not from her. She checked it out. Sure enough. Then the messages from users came on Instagram and then on Facebook. It was a full attack.
Hunter is a particularly attractive target for hackers because it has a large following and a philanthropic profile and therefore regularly invites followers to work for different purposes. In other words, a request for money would not be unusual.
But what could she do? There were three accounts on each platform, all of which were attacked. There were nine registrations and one from her.
What do you do if your social media gets hacked?
The adrenaline came quickly. Hunter's first step was to change the passwords for each affected account to start the speed test, with the hacker repeatedly resetting them. She paused and thought, "What can I do now that a hacker couldn't?" Two things turned out: First, she was able to quickly request two-factor authentication for each account, which meant that every password change had to be confirmed with a passcode that the platform could text to her phone. Voila. With new passwords, she was able to return to the single step and the hacker was stopped. Second, she could write a live post to her followers because her image and voice were something the hacker couldn't replicate. Through a short video, she immediately alerted followers of the hacking attempts on all platforms, asked them not to respond, and asked them to report fraudulent messages.
Amazingly, the hacker was brazen enough to follow her Instagram account from the fake Tamara Hunter account they created. The hacker was disguised as a hunter, watching her every step. So she blocked and reported the fake Tamara.
Finally, she reported on the attacks on all three platforms. Reporting on Instagram was particularly problematic because each time it submitted it could only go through part of the report before the platform disconnected, which required several attempts before the submission finally "took". Then she alarmed the FTC with plenty of evidence in her hands.
Twenty-four hours later, all three platforms responded and the fraudulent accounts on all three platforms disappeared, and the FTC took longer-term remedial measures. Fortunately, the hackers were thwarted without losing money for Hunter or one of their followers.
Related: 5 Types of Business Data Hackers can't wait to get their hands on
What would a hacker get if he pretended to be a charity?
A lot, it turns out. According to Wired, one of the most typical approaches hackers have on Facebook is to use phishing attacks to find out a charity's password and to silently install themselves on the charity's site through an incorrect administrator account. From there, they sit quietly until they feel it is time to write posts announcing that the charity is "collecting money for animals that have been driven out by forest fires, for example." You forward donations to an external link, for example to a fraudulent GoFundMe page. In the case where the cable article is described, the entrepreneur has unwittingly made things worse by simply deleting the fraudulent posts when they happened. This was only to further encourage the criminal. She managed to remove the fraudulent GoFundMe site and return the $ 1,500 collected to her donors.
But the hacker kept attacking her charity sites under new identities. Months later, tired from the harassment, the entrepreneur finally quietly followed up by responding to the hacker's request to repay the initial $ 1,500 that she had received through an anonymous PayPal account.
In Jäger's case, the hackers appeared to be looking for their followers' phone numbers to place a bid that would allow them to get subsidies for the followers for a fee to build their own philanthropic organizations and succeed. With multiple accounts and thousands of followers on each platform, all focused on her philanthropic interests, she became a rich target.
How did you get your information? Yes, it is possible that a hacker could "sniff" their wireless access. Research shows that chances are high that Hunter or one of their teams accidentally clicked on a phishing campaign or shared a malware-infected story or post that hackers could use to get or guess the information they needed to Sign in needed. She was lucky. What should every entrepreneur know and do in the face of the spread of social media hacks?
Consider the following:
Carefully control who has administrative privileges on any of your business or charity sites, and regularly monitor the appearance of former employees or people you don't know. Change your passwords frequently and use two-factor authentication to retrieve or change passwords. Use different passwords on your different social media platforms (and may even make them different for each of your multiple pages) to ensure that a hacker's potential access to one of your pages does not allow access to all of them. If you are hacked, you must first change your password immediately, check your financial accounts for unauthorized transactions, and, if possible, inform all of your followers by video or voice message about the nature of the hack and the suggestions you suggested. Collect all the evidence and report the hacker to the platform (but know that, despite the urgency, it may take around 24 hours for them to respond).
Finally, you can go to FTC.gov for additional information on how to avoid hacking and what to do in this case. If you discover that something has been stolen, you can report the theft and take remedial action using the steps recommended at IdentityTheft.gov.
Related: How hackers take advantage of a crisis