Fitzroy boutique owner Lyndsey Spark was watching her son play basketball when she felt her phone vibrate in her pocket. On the screen was a WhatsApp message from an unknown toll-free number asking her a single question.
“Hello, would you like to access your Instagram account again?”
Lyndsey Spark, at her Fitzroy boutique Somebuddy Loves You, was forced to create a new Instagram profile after her original one was hacked. Credit: Scott McNaughton
The message was an attempt from hackers to extort Spark in exchange for handing the account back.
Earlier that day, the boutique owner had received an email purporting to be from Instagram asking her to verify her page and had unknowingly given her personal information to the hackers, who had locked her out of the account.
Spark contacted Instagram and reported the hack but did not hear back from the platform. Defeated, she abandoned her attempts to get the account back and created a new profile.
“The most frustrating thing is you put so much effort into setting up the account — you give them money and time and then when something goes wrong you get nothing in return and you have to start again,” she said.
Nigel Phair, enterprise director at the Institute for Cyber at the University of NSW, said social media giants were falling short in supporting users.
He said platforms such as Facebook, Instagram and Twitter should be compelled to provide help through a staffed helpline if they wanted to operate in Australia. Meta does not have a support phone number, and users in strife often have no option but to contact the company through a bot.
Screenshot of the message hackers sent to Spark after her account was hacked.
“If you look at the platforms they don’t put anywhere near enough effort into supporting their users because it’s just a cost to them and they like making profits,” he said. “We’re failing at every level when it comes to micro and small businesses, who rely on these channels.”
Phair said it was relatively easy for platforms to reclaim hacked accounts, but they were unwilling to resource the teams required to do it.
The phishing emails are often sent during the early evening and on weekends when the recipients are likely to be less vigilant.
For Michelle and Craig Tindale, the operators of True North Candle Collective, based in Noosa on Queensland’s Sunshine Coast, the message came as they were preparing to go out for dinner.
Like Spark, Tindale had clicked on a link in an email pretending to be from Instagram that claimed her business page had violated copyright laws.
The alleged scammers insisting on getting a response from Spark following their initial message.
After weeks of unsuccessfully attempting to reclaim the account, the couple gave up and opened a new profile.
“I’ve always said if my name was Kim Kardashian or Chris Hemsworth, I guarantee this would have been dealt with much quicker,” Tindale said.
A spokeswoman for Meta said users could verify emails by accessing a support inbox, which contained all of Meta’s official correspondence about their account.
“Online phishing techniques are not unique to Meta, and we will never request your password via email or direct messages,” she said.
Cybersecurity expert Guy Yunghanns said users failing to secure their online accounts were collectively “fuelling this global criminal industry”.
Australians have lost almost $300 million to scams since the beginning of the year, with phishing through messages and phone calls being the most widely reported scam nationwide, according to data from the Australian Competition and Consumer Commission.
In a bid to address rising rates of online crime, the AFP last year established Cyber Command, a specialised unit that investigates matters such as compromised business emails and ransomware attacks.
AFP Assistant Commissioner Justine Gough said the unit had prevented millions of dollars from falling into the hands of criminal syndicates but added that ransomware attacks were probably underreported.
Gough said that in the same way that people needed to lock their doors and windows, they also needed to take steps to protect information online.
“The reason phishing scams are so prolific is that that’s a way to open a door to obtain personal banking details and steal money,” she said. “We really do need to ensure that we’ve got the hygiene or the discipline in the use of our devices and technology.”
This includes backing up files, using sophisticated passwords, and enabling multifactor authentication – an electronic verification method that needs two or more pieces of evidence of users’ ties to the account – on devices.
Other ways to avoid becoming the victim of a phishing scam include logging onto social media platforms using the app or typing the URL into a browser, rather than following a link in an email.