With more social media users reporting their accounts being hacked and turned into scam accounts, a University of Guelph cybersecurity researcher says many cybercriminals are using sophisticated techniques to exploit trust and carry out these scams.
Dr. Ali Dehghantanha is a professor in the School of Computer Science at the College of Engineering and Physical Sciences. He is the Tier 2 Canada Research Chair in Cybersecurity and Threat Intelligence, and the director of both the Cyber Science Lab and the master of cybersecurity and threat intelligence program at U of G.
Hackers exploit a user’s trust in several ways, explains Dehghantanha. One involves taking over a business’s website to lure in victims. If the business hasn’t set up good security, hackers can compromise the website and display fake links and images using “deepfake” technology.
“It’s very easy to generate pictures, videos and text messages that seem very believable,” he says. “But they’re fake, completely fake.”
As those deepfakes remain on the website, they shape the user’s opinion of whatever they are presenting, allowing the hackers to build trust in the users. Once a user clicks on links to a service – say, for a dog grooming service — they open access to the hacker to steal the user’s cryptocurrency, NFTs or other digital assets, or to take over their account completely.
“It’s like if I gave you a lock for your door, but then I go and give the key to a stranger,” adds Dehghantanha.
Be careful with screenshots
Hackers can also gain access to user’s digital assets or account through the information carried in screenshots. Once a user sends a screenshot to a hacker, the hacker can gain personalized information about that user and exploit it.
“By sending a screenshot of a dog, for example, a user can unknowingly give the attackers the opportunity to leverage their choice. They can come back later with a link and say, ‘I have a service for your dog,’” says Dehghantanha.
He recommends social media users follow basic cybersecurity measures on their accounts, like setting up multi-factor authentication. Businesses should also enable security features to help prevent potential attacks.
Dr. Ali Dehghantanha