Influencers under cyberattack: Ways to protect themselves and good practices to consider

ESET Latin America analyzes the main strategies that cybercriminals use against influencers and makes preventive recommendations

Facebook, YouTube and Instagram have become platforms that literally catapulted certain people to stardom, granting them the accolade or recognition of “Influencers.” The number of followers they garner and the money that moves around them is such that cybercriminals have focused their sights on them, implementing strategies and deceptions that allow them to obtain their own financial gain. ESET, a leading company in proactive threat detection, warns that it analyzes the most frequent tactics used by cyberattackers to access money and how influencers can be better protected.

The global influencer marketing market, which in 2022 was valued at $33.2 billion, will continue to grow exponentially. In fact, it is expected that by 2032 it will reach 200 billion dollars. In turn, according to the HubSpot site, there are several categories of influencers depending on the number of followers and depending on this (among other factors) “a nano influencer earns between 10 and 100 USD, a micro between 100 and 500 USD, and a macro between 5000 and 10,000 USD per publication.” These figures served as bait for cybercriminals to begin looking for (and implementing) strategies to obtain financial gain. In practice, they were tempted and motivated to do so.

Social engineering is one of the favorite tools of cyberattackers to harm influencers, who often do not have the resources or knowledge with which companies usually protect themselves.

ESET shares some examples of related scams, thefts and deceptions

The Fake Podcast: Hannah Shaw is popularly known on social media as the “Cat Lady”; His pseudonym is due to the fact that in his videos he teaches people what proper care for newborn cats is. Thanks to his followers (more than one million), he raised significant amounts to help rescue these animals and shelters. Seeing Shaw’s popularity as a source of financial gain and thanks to a social engineering technique, cybercriminals managed to take over his Meta business account.

They did this by pretending to be hosts of a podcast. In advance and to coordinate the details of the interview, the malicious actors invited the victim to a Zoom call. There, they asked Shaw for access to the Facebook Live settings with the excuse of generating income and she agreed, thinking it was a normal part of the process. At that time, the cyber attackers took control of the account as Administrator, leaving the page clean to replace them with fake links that actually directed to sites to generate quick and easy income with advertising.

Ambassadors, but of the scam: The “Finfluencers” are a subgroup of influencers dedicated especially to the finance industry. In their accounts, they provide economic advice, advice and tips to their large number of followers so that they can get rich quickly, invest in stocks or cryptocurrencies and implement financial planning. In this case, cybercriminals (and also using social engineering to achieve their goal), offered a false job opportunity for finfluencers to become ambassadors of a brand and promote the brand’s products.

The truth is that the final objective of the attackers was to obtain the personal and financial information of their victims. With the excuse of needing this data to make payment for the supposed work, what they did once they obtained that information was to empty their bank accounts until they took control of their social networks.

Malware always present: Other influencers have been attacked with malware, either by downloading a malicious file or clicking on an apocryphal link. Thus, cyberattackers can very easily take control of accounts and manage them. They achieve this by publishing content that has nothing to do with what the influencer normally shares, deleting all the content that was available, and even changing the logo and name of the accounts. It is also common for malicious actors to ask for exorbitant sums of money so that the victim can recover their social networks.

Identity theft with suspension included: Another technique that became known through complaints and investigation, specifically on Instagram, consists of cyberattackers duplicating the influencer’s original account and requesting its suspension. To do this, they either acquire a verified account, change the user’s biography and image, and then file a report alleging that the victim is actually impersonating them. Another option is to carry out a “spam attack” against the account, reporting it, either for showing nudity images or violating copyright. When the attacker manages to have the account suspended, he contacts the victim to offer to unlock the account as long as he pays an amount of money for said ransom.

Followers, also in the crosshairs: Identity theft is another of the techniques used in the field of social networks, but in this case the victims are the followers. It is normal for influencers to launch giveaways, which generate a high level of interaction. This is where cybercriminals come into play, creating a duplicate account that pretends to be the original, and from there contacts users informing them that they have been winners of a raffle. The goal is to access the personal and financial information of their victims.

Influencers can protect themselves by taking actions to avoid being another victim of the deceptions of cyberattackers

ESET shares some good practices to keep in mind:

  • Be distrustful as a first measure, if a job offer or business possibility seems too good to be true, it probably is.
  • Do not provide personal or financial information without confirming that there is a real and true possibility on the other side. Good research is your best ally, as is contacting the company to confirm the offer.
  • Do not let any person, company or application post on your social networks.
  • Use unique, strong, long and secure passwords (with capital letters, special characters and numbers) on all accounts, and change them periodically.
  • Pay attention and analyze carefully and carefully before clicking on any link that arrives unexpectedly.
  • Lastly and always very important, have a security solution that provides comprehensive protection while consuming fewer resources.

In summary, ESET recommends, for everything mentioned above, that it is necessary to adopt good security practices, pay attention to signs that an offer may be a scam, and inform yourself about the methodologies that cybercriminals use to perpetrate their attacks. As well as listening to Conexión Segura, your podcast with timely verified information to know what is happening in the world of computer security, at:

With information and image provided by ESET Latin America and Comstat Rowland Comprehensive Strategic Communications

(Reference image: ESET Latin America and Comstat Rowland)

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on Twitter and Instagram

You might also like