The COVID-19 pandemic has changed many things, and one of them is social media – specifically, the rising usage of platforms like Instagram, TikTok, Snapchat and more, and the rippling effects from such utilization. Since the beginning of 2020, as human interaction and peoples’ in-person social lives became virtually non-existent, with much of the U.S. undergoing a lockdown mandate, the use of social media skyrocketed. Since COVID-19, social media engagement increased by 61%, and as social distancing requirements kept many people apart throughout 2020, online platforms began playing a key role in keeping individuals connected and entertained. Yet with that increased usage, also came other issues that began surfacing just as quickly.
By 2021, cybercriminals have found a new way to target Instagram users specifically, through an email phishing scam, by sending false copyright infringement notices and obtaining confidential information. Specifically, Internet hackers have been sending false notices via email, requesting for the recipient to click a link to a complaint, and stating that if the infringement claim is incorrect, to complete the objection form via the link. Once users provide information such as their email address and Instagram password, their social media platform usage is then compromised and sensitive data may be obtained.
Another way attackers have been targeting users is by sending emails with a link to appeal the infringement notification and once the user clicks on that link, they will be directed to a Facebook page including a real post from the user’s Instagram page which asks the user to enter the password to their Instagram account, which would be directed to the attackers, whereas the user will be sent to the real Instagram copyright section, in order to “avoid any suspicion.”
An additional method that hackers are able to threaten users is when users are directed to a false copyright infringement link and are requested to enter their Instagram login ID and password and as the users enter their passwords, the link informs them that their sign-in information is wrong. Once the users try two or three times to enter the login information, users receive a message that their appeal was submitted, after the hacker is able to receive the login in details.
While it is clear that there have been numerous attempts to hack into social media users’ information, particularly with the general rise in usage of such platforms since the beginning of the pandemic, there are also numerous ways users can protect themselves going forward. First and foremost, avoiding clicking “helpful” links in emails enables users to avoid being prompted to enter sensitive information, and knowing what real-life URL’s are actually utilized for will allow people to know what verified links to actually select. Second, some users enlist the help of password managers, who help to prevent users from inserting in a correct password into a wrong site that they have never seen before. Further, many password managers recommend the use of 2FA, which are one-time codes that are used together with a password to make it difficult for hackers, as entering in a password alone is not enough to get access to someone’s social media account. Finally, many people advise users to consult with a friend or colleague who has already been faced with an accurate and real copyright infringement notice in the past, so they can verify what the actual process is like and how to respond safely.
While utilizing false copyright infringement notices to target online users is not exactly novel, the rising rate of social media since the onset of the COVID-19 pandemic has only exposed more people to the actions of potential hackers. However, being aware of the various ways users are being besieged with these methods and knowing how to avoid them will in no doubt assist in lessening the amount of false claims and protecting users going forward.