Check your passwords, everyone…
Popular car marketplace Bring A Trailer lost control of its Instagram account for a full 24 hours. Hackers took over the Bring A Trailer Instagram account on September 24, posting pictures of a Turkish influencer who’s popular on TikTok.
Find out which car is most popular on Instagram here.
Elif Armagan, the TikToker in question, not only was featured in the Bring A Trailer Instagram account’s profile photo, her likeness was used in 12 successive posts during the 24-hour period. A link to the influencer’s Twitter account was included in the account bio, in case anyone was interested in following her for real.
Later, the profile photo and 12 latest posts on Bring A Trailer’s account were replaced by photos of a different woman. Exactly what the hackers wanted, other than to simp for some influencers, isn’t entirely clear. Bring A Trailer didn’t indicate a demand for ransom was made, so this might have just been someone who likes to spread chaos in the world.
Whether you’re a private individual or a business with tens of thousands of followers, hackers want to gain access to your social media accounts. It’s a good idea to use secure passwords and dual-factor authentication whenever possible. Also, check that your recovery information is updated for each account.
In the case of Bring A Trailer, the company’s post to Instagram announcing it was back in control hinted that everything started with an email phishing campaign. Basically, fraudsters send an authentic-looking email from a business like Instagram with some urgent action you need to take. If you click on the link in the email, it will take you to a website which looks legitimate, but in fact isn’t. Of course, you’re logged out of your account, so you input your username and password, only it doesn’t work. That’s when the fraudsters have your login info for the real site, which they use to get into your account and change the password before you can get in. Dual-factor authentication should stop this from happening, but never clicking on links in emails and instead going directly to the website which supposedly sent a alert is even smarter. Learn from Bring A Trailer’s mistake.