CYBER THREATS
1. PHISHING:
The most common form of phishing is to create a duplicate of a login page that looks like the real one. The victim thinks it is the usual social login page, so he enters his login details in the phishing page. Once the victim logs in through the fake page, the email address and password are stored in a text file or in the hacker’s database.
How to detect Phishing Page?
- Check the URL of the login page.
- Never log in to your social media account on other devices.
- Use modern web browsers that identify phishing pages.
- Avoid emails or text messages that ask you to log into your social media account.
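The "check the URL" advice above can be automated. The following is an added example, not part of the original article: it compares a link's real host with the hosts a user expects to log in on. The allowlist, the sample URLs and the function name `check_login_url` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the exact hosts this user's real login pages live on.
EXPECTED_LOGIN_HOSTS = frozenset({"login.example.com", "accounts.example.com"})


def check_login_url(url, expected_hosts=EXPECTED_LOGIN_HOSTS):
    """Return the reasons a URL should not be trusted as a login page.

    An empty list means the URL passed every check in this example.
    """
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")

    if parts.scheme != "https":
        findings.append("scheme is not https")
    if parts.username is not None:
        # In https://login.example.com@other.test/ the real host is other.test.
        findings.append("text before '@' is not the host")
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        findings.append("internationalized host, possible look-alike letters")
    if host not in expected_hosts:
        findings.append("host is not an expected login host")
        if any(good in host for good in expected_hosts):
            # e.g. login.example.com.account-check.test
            findings.append("expected name appears inside a different domain")
    return findings


# Constructed sample URLs, for illustration only.
SAMPLES = [
    "https://login.example.com/signin",
    "http://login.example.com/signin",
    "https://login.example.com.account-check.test/signin",
    "https://login.example.com@phish.test/signin",
    "https://login.xn--exmple-4nf.com/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_login_url(sample) or "ok")
```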
2. KEY LOGGING:
Keylogging is one of the easiest ways to hack a social media account. A keylogger is a program that records and monitors the user’s input and keeps a log of all keys that are entered. The keylogger can actively send your inputs to hackers via the Internet. You have to be very careful when dealing with keyloggers because even computer experts become victims of keylogging.
How to detect Keyloggers?
- Scan your USB drives before using them
- Download software from trusted sites only
- Use a good antivirus
3. MAN IN THE MIDDLE ATTACK:
In this method, the hacker secretly relays and possibly alters the communication between the server and the victim, who believe they are communicating directly with each other. The hacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the hacker. The hacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of a wireless access point can insert himself as a man-in-the-middle.
How to avoid MITM attacks?
- Use VPN services
- Use a proxy server to access the internet
- Use a good antivirus with good firewall options
4. SOCIAL ENGINEERING:
Social engineering is a simple method that’s based on collecting as much info from the victims as possible. The information may include the date of birth, phone number, security questions etc. Once a hacker gains access to this info, he can brute force the info or use recovery methods to get login passwords.
How to avoid Social Engineering?
- Never share personal info via email or phone
- Avoid links from unknown or suspicious sites
5. SESSION HIJACKING:
When you log in to your social media account, your browser and the social media site’s server maintain a session for user authentication. The session details are saved in your browser’s cookie files. In session hijacking, the hacker steals those cookies and then accesses the victim’s account. Session hijacking is most common when accessing social media websites over an HTTP (non-secure) connection, and it is widely used on LAN and Wi-Fi connections.
How to avoid Session Hijacking?
- Do not use Social media websites when connected to shared Wi-Fi or LAN.
- Try to clear cookies every 2-3 days or if possible daily
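On the site operator's side, the same risk shows up in how the session cookie is issued. The following is an added example, not part of the original article, and it goes beyond the user-side advice above: it audits a `Set-Cookie` header for the attributes that keep a session cookie off plain HTTP and out of reach of page scripts. The sample headers, the function name `audit_set_cookie` and the 3-day limit (taken from the "every 2-3 days" advice) are assumptions.

```python
# Longest lifetime accepted here, taken from the "every 2-3 days" advice above.
MAX_AGE_LIMIT = 3 * 24 * 3600


def audit_set_cookie(header_value):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name = first.split("=", 1)[0]

    # Attribute names are case-insensitive; flags such as Secure have no value.
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()

    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by page scripts")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax or Strict")
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > MAX_AGE_LIMIT:
        findings.append("Max-Age longer than 3 days")
    return name, findings


# Constructed Set-Cookie values, for illustration only.
SAMPLES = [
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=86400",
    "sessionid=abc123; Secure; HttpOnly; SameSite=Strict; Max-Age=2592000",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        cookie, problems = audit_set_cookie(sample)
        print(cookie, "->", problems or "ok")
```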
6. SAVED PASSWORDS:
Most of the time we save our login and credit card details in the web browser. Anyone can see your social media account details in your browser’s password manager. A hacker can get physical access to your computer and insert a USB drive programmed to automatically extract or retrieve saved passwords from the Internet browser, or any other information the hacker may need.
How to avoid Password Hacking?
- Try not to save passwords in web browsers
- Do not share your device with people
- Block the device connectors
7. DNS SPOOFING:
If a hacker is on the same network as the victim, he can change the original page and replace it with his own fake page and easily gain access to the victim’s social media account.
How to Avoid DNS Spoofing?
- Always configure your DNS server to be secure against cache poisoning
- Manage your DNS servers securely
8. BOTNETS:
Basically, botnets are networks made of remote-controlled computers or bots. These bots have been infected with malware that allows them to be remotely controlled. It’s expensive to set up botnets, so they are rarely used for hacking login accounts. Some very popular botnets include SpyEye and Zeus.
How to avoid Botnets?
- Keep all your software up to date
- Ensure that your firewall is always on
9. QRL JACKING:
Here’s how the QRLJacking attack works behind the scenes:
- The attacker initializes a client-side QR session and clones the login QR code into a phishing website. “Now a well-crafted phishing page with a valid and regularly updated QR code is ready to be sent to a victim.”
- The attacker sends the phishing page to the victim. (a lot of efficient attack vectors are going to be clarified later in the paper)
- The victim scans the QR code with a specific targeted mobile app.
- The attacker gains control over the victim’s account.
- The service exchanges all the victim’s data with the attacker’s session.
Accounts Hijacking
The QRLJacking attack gives attackers the ability to carry out a full account hijacking scenario against a vulnerable Login with QR Code feature, resulting in account theft and reputational damage.
Information Disclosure
When the victim scans the QR code, he gives the attacker much more information, for example his accurate current GPS location, device type, IMEI, SIM card information and any other sensitive information that the client application presents during the login process.
Callback Data Manipulation
When the attacker receives the data described in the “Information Disclosure” point, some of this data is used to communicate with the service’s servers to clarify some information about the user, which can be used later in the user’s application. Unfortunately, this data is sometimes exchanged over an insecure network connection, which makes it easy for the attacker to control it, giving him the ability to alter or even remove it.
As an example, WhatsApp sends back the browser version, OS version and the current location of the browser. Thanks to the QRLJacking attack, this data is now on the attacker’s side; the attacker can intercept and alter this data to poison the login logging date on the victim side. See figure (2) and figure (3).