• Instagram identity theft on the rise!

    Posted by ANUYAN on April 30, 2021 at 12:25 am

    Online identity theft is a frightening real crime, even though it happens online. In this article, Ukrainian journalist Valeria Kovtun, currently an LSE MSc student, gives her first-hand experience of the struggle to stay secure on social media.

    Hi, this is all weird, but I have just stumbled across your profile, which is probably not yours.

    I received this message from one of my Instagram followers. She attached a screenshot of a profile of ‘Eliza Ostrovskaya’, where all pictures and texts were mine. I panicked.

    Someone had stolen my data from Instagram and Facebook to create a fake identity. That profile had around 300 followers and was actively posting stories, replying to messages and comments. Moreover, it later turned out “Eliza” had created a CV claiming to be a journalist from Ukraine who graduated from LSE and was based in New York.

    Instagram removed this fake account within seconds after I reported it. But the fears remained: all my social media profiles are private which means my data was stolen by someone who I myself had approved. Who knows how many more fake profiles with my data might be there on the Internet and what for?

    The Illusion of Privacy?

    This situation made me question the notion of privacy on social media: is it an illusion? Once you are registered, the data you voluntarily share no longer belongs only to you. The action of sharing itself suggests you are giving a consent to someone else using your pictures, videos and texts. Even if the number of people who can view your posts is limited, your privacy is still at stake as you can hardly make sure everyone from your friends list is adhering to the code of ethics.

    Protecting your privacy by abstaining from any activity on social media, on the other hand, means depriving yourself of a variety of gratifications. The benefits of being an active user, such as popularity, creating bonds, getting emotional support and gaining social capital often mean privacy concerns are compromised. Data scientists call it ‘privacy paradox’, when there is a clear discrepancy between users’ behaviours of disclosing personal information and their fears about data theft. In other words, we are expressing the need for privacy but at the same time cannot stop sharing.

    Protecting data online has always been one of the valid concerns among users but there is still no effective and quick mechanism to identify and punish data thieves. If your account is being hacked or your data misused your first action would not be calling the police, even though this is considered a crime. You are more likely to be left alone to fight with a thief and reclaim ownership of your identity.

    Staying Alert

    Last year, in the middle of the night I received a notification that I was logged out of my Gmail account. A hacker changed the backup email and the phone number in the settings so that I could not retrieve the password. In panic, I rushed to Google asking for help. Yet Google only had recommendations as to how to protect my account rather than how to retrieve access once it is hacked.

    In a few minutes, I received another notification, this time from Facebook, warning me of some suspicious activity. I immediately changed the email address linked to Facebook but the hacker was already there continuously trying to reset the settings. The battle was ongoing for half an hour until Facebook blocked my profile. Miraculously Google identified a hack and allowed me to verify my identity and change the password. Next day, I learnt that many of other Ukrainian journalists’ accounts on Facebook had been hacked the previous night. Some of them told me they were blackmailed: hackers threatened to share their sensitive information.

    After this incident, I made all my accounts more secure. With the lack of regulation on social media, prevention seems to be the most effective tool to fight hackers and protect your data. If you are an active user with a wide network, there is nothing social media can suggest to insure you against identity theft. Instead, these companies are heavily relying on users to report suspicious activity and help alleviate frauds on the platforms. If my Instagram follower hadn’t messaged me about that fake account, I would probably have never learned about its existence, and so would not have reported and removed it. ‘Staying alert’ is as necessary on the internet as it is in real life.

    This article by Ukrainian journalist Valeria Kovtun, currently an LSE MSc student in the Department of Media and Communications.

    Rose replied 3 years, 2 months ago 4 Members · 3 Replies
  • 3 Replies
  • David

    Member
    October 7, 2021 at 6:16 am
    Newbie

    Thanks for sharing.

  • Lacey

    Member
    October 7, 2021 at 12:19 pm
    Newbie

    Seriously I would probably have never learned about its existence, and so would not have reported and removed it. ‘Staying alert’ is as necessary on the internet as it is in real life.

  • Rose

    Member
    October 7, 2021 at 4:40 pm
    Newbie

    Firstly, when shopping or banking online, make sure you are using a secure wireless connection and make sure all your devices have comprehensive security software that protects all your PCs, Macs, tablets and smartphones.

Log in to reply.

Trustscore

Domain: dropbox.com

Established: 1995-06-28

Server IP Address: 205.251.193.59

Domain Blacklisted: No

In computing, a blacklist, disallowlist, blocklist, or denylist is a basic access control mechanism that blocks all malicious elements (email addresses, websites users, …)

Suspended Site: No

When your website account is suspended, it means the hosting provider has temporarily taken it offline. Website hosts often suspend websites for a myriad of reasons ranging from malware to spam.

Email (MX) Configured: Yes

Verification that the website has its entity’s proper IMAP (Inbox) and SMTP (Outbox) mailbox servers configured correctly.

DMARC Configured: Yes

DMARC is an open email authentication protocol that provides domain-level protection of the email channel. DMARC authentication detects and prevents email spoofing techniques used in phishing, business email compromise (BEC), and other email-based attacks.

SSL Cert Blacklisted: No

Hackers have discovered ways to circumvent, alter, or abuse SSL certificates. An SSL certificate blacklist is a list of untrustworthy SSL certificates that have been created and can potentially harm users.

Website Popular: No

Risky TLD: No

The TLD (Top Level Domain) are the last characters of an entity’s website name, such as .com, .org, etc. Cyber-criminals and threat actors prefer a small set of 25 out of the thousands of available extensions, which accounts for 90% of all malicious sites. A Risky TLD is verification that the domain name is not to be trusted.

Heuristic Pattern: No

If a website uses Heuristics, then it is a scanning method that looks for malware-like behavior patterns. It is commonly used to detect new or not-yet-known malware.

Risky Geolocation: No

Verification to an entity’s geolocation status being labeled as ‘Risky’.

Suspicious Domain: No

Verification the entity’s domain is not listed as being “Suspicious”.