Intelligent CIO Africa Issue 76 | Page 47

ITRC – which in 2021 had over 15,000 identity crime victims contact them for support services – said there was a 1044 % increase in social media account takeovers from 2020 to 2021 . As a follow up , the organisation conducted a survey of social media account takeover victims and found that 66 % were experiencing strong emotional reactions to losing control of their social media account , 92 % felt violated , 83 % were worried and anxious , 78 % felt angry , 77 % felt vulnerable and 7 % felt suicidal . These are important statistics to consider within the cybersecurity space .
While it may be easy for some to view social media identity theft as a mere inconvenience , these figures illustrate how closely tied one ’ s online reputation is to their emotional wellbeing .
Two of my friends , Trevor and Stacey , had their social media accounts hacked by a credential stuffing attack in July 2022 and none of them had 2-factor authentication set up . They were both professionals active on social media with one of them being a crypto enthusiast .
On their Instagram stories , the bad actors posted a message about getting involved in a bitcoin mining scheme . It was a screenshot of an iPhone lock screen which included a picture from their profile . In Trevor ’ s case , it was a picture with his wife displaying a bogus text message from Bank of America , followed by a screenshot from his supposed bank account .
While it doesn ’ t take a cybersecurity expert to recognise this was a scam , it could nonetheless prove to be an effective phishing tactic since it is coming from the trusted source ’ s actual account within a social ecosystem not known for abuse .
Curious about the sophistication of these attackers – and because I ’ ll never pass up an opportunity to speak directly to our black-hatted counterparts – I responded to the story to see how effective their messaging was . are not the sort of feelings we want customers and end-users to have when they rely on our products . And while this example may be specific to social media , the sentiment is something we can all share .
Whether it ’ s social media , FinTech , e-commerce or any other organisation with an exploitable user base , credential stuffing is a cat-and-mouse game that is here to stay – and with eyebrow-raising impact .
Javelin Strategy and Research in their 2021 Identity Fraud Study , reported that account takeover ( ATO ) fraud resulted in over US $ 6 billion in total losses in 2020 . When companies create new defences , hackers develop tools to bypass these safeguards and the cycle continues .
So , how can businesses fight back ?
In a recent Aite Group report , risk executives from financial institutions , FinTech lenders and e-commerce companies were interviewed to learn how they were protecting themselves from the escalating volume of ATO attacks . Some of the key takeaways were :
Ian Lauth , Senior Technical Marketing Manager , F5
But it was an awful ordeal for both friends . Trevor finally used Instagram ’ s facial recognition verification process to scan his face and compare it against their endless library of tagged photos . He was able to regain access within 27 hours and set up his 2-factor authentication .
Stacey , on the other hand , quit social media . The ordeal was too much of an embarrassment and created so much anxiety for her that she decided the whole persona in a digital realm was not for her .
But this is not unusual . On several occasions , consumers have stopped using a platform when their account is hacked . Panic , embarrassment and shame



www . intelligentcio . com INTELLIGENTCIO AFRICA 47