Site icon IATA News

Instagram Leads Crackdown on Account Fraud

Instagram is coordinating with other social media platforms, including Twitter and TikTok, to ban users who have been involved in stealing hundreds of single-word user names.

These short, covetable handles, known as “O.G. user names” (think keywords like @Killer, @Sick and @Miracle), are valuable because they are eye-catching and confer status; the people who first snatched them up were early adopters. Cybercriminals buy and sell the user names on dedicated forums and messaging apps.

The crackdown, which began on Thursday, follows a monthslong investigation by Instagram into ogusers.com, the primary forum in which these accounts are sold and traded. Instagram discovered that stolen account names were obtained through hacking, extortion, blackmail and harassment — and then could be sold for as much as $40,000. Such manipulation has gone largely unchecked for years. (Ogusers.com was also the forum where last year’s gigantic Twitter hack that affected former President Barack Obama, Elon Musk and many other celebrities was orchestrated.)

Ajay Pondicherry, 38, a real estate software entrepreneur in Los Angeles, was one of Instagram’s first few thousand users, so he was able to easily claim the handle @Ajay. Over the years, people had offered to buy or trade his user name, but he always declined to give it up.

“It was a sign that I was one of Instagram’s early adopters. I’ve always been a big fan of the product and having that handle just proved I was early on board,” he said. “I appreciated it more as people tried to hit me up and trade and buy it from me. It had cachet.”

On Feb. 21, 2019, Mr. Pondicherry found himself locked out of his email accounts. Then, his phone stopped working. When he checked his AT&T account the next day, his number was associated with a new phone.

What Mr. Pondicherry experienced was a SIM swap, whereby a cybercriminal exploits someone’s personal information to obtain control of their phone number from a wireless provider, then uses two-factor authentication to gain access to their personal accounts. After Mr. Pondicherry regained control of his AT&T account and tried to log into Instagram, he discovered that his handle, @Ajay, had been stolen by the hacker.

SIM swapping has been many cybercriminals’ favored method of obtaining valuable Instagram accounts and social media handles. (It was also the method used by hackers to take over the Twitter account of Twitter’s chief executive, Jack Dorsey, in 2019.)

But recently, cybercriminals in pursuit of O.G. user names have resorted to harassment and threats. According to Instagram, the people behind the accounts banned on Thursday — some of which had millions of followers — had subjected the owners of desirable Instagram handles to threats of swatting, revenge porn and violence.

Jackson Weimer, 22, the administrator of a meme account called @hugeplateofketchup8, said he has encountered hundreds of people who engage in this type of behavior online.

“Their main objective is to grow their pages, and selling these O.G. user names is a game for a lot of them,” he said. “Their objective is to do this to as many people as possible. Every meme page has encountered one of these people.”

After Mr. Weimer called attention to these practices on his own Instagram, he was met with a barrage of harassment. “They sent me pictures of my house on Google Maps,” he said of his harassers. “They told me they wanted to rape and kill my parents. They said that I’ll regret doing this. They sent me my address a lot and created an account ‘exposing’ me on Instagram, where they’d just post and make up lies about me.”

Instagram said that nine cybercriminals were behind the unauthorized seizure of hundreds of Instagram accounts, but the platform’s ban includes not just these nine users but middlemen who helped orchestrate the buying and selling of accounts on ogusers.com and Telegram, an encrypted messaging app. Many of the middlemen are young people, including teenagers, who view short handles as status symbols.

“It’s like driving a fast car when cars were important,” said Dr. Argelinda Baroni, a clinical assistant professor of child and adolescent psychiatry at NYU Langone Health. “Children in general want to be validated. Kids want to be cool. But kids do very dangerous things to obtain status.”

After noticing an alarming uptick in account theft and escalation in the methods used to acquire user names, Instagram took action in 2020 and began working with TikTok and Twitter to identify accounts across platforms.

“As part of our ongoing work to find and stop inauthentic behavior, we recently reclaimed a number of TikTok user names that were being used for inappropriate account squatting,” a TikTok representative said in a statement. “We will continue to focus on staying ahead of the ever-evolving tactics of bad actors, including cooperating with third parties and others in the industry.”

Twitter confirmed the company had also banned users for violating the platform’s policies on manipulation and spam. “This investigation was done in tandem with Facebook,” a Twitter representative said.

Rachel Tobac, a hacker and the chief executive of SocialProof Security, which hosts security training and workshops, said that the pandemic has pushed more young people into online communities where they can earn money and find camaraderie.

“It’s basically a lack of support and an increase in economic hardship, specifically under Covid-19,” she said. “I want to stress that this is a societal challenge that these minors are falling into cybercrime like this. We’ll always have criminals, but we’re going to see people, especially minors, turn to cybercrime when there is a lack of a support system or specific economic downturn affecting them.”

Instagram said it is sending cease and desist letters to individuals behind the theft of high-value handles and is collaborating with local law enforcement agencies to hold those involved in criminal activity accountable.

Though Instagram has previously banned meme accounts for violating terms of service, Thursday’s crackdown is the most public and decisive action Instagram has taken against people manipulating the platform for financial gain. But Will Dyess, the vice president of Dank Memes, an e-commerce and media company that runs several pages with coveted user names, said he was skeptical that the attempts at stealing the account would ever fully subside.

“Will @Stonks ever stop being a target? Probably not, especially not after last week,” he said, referring to the GameStop frenzy. “There will always be demand for certain user names, URLs. The real estate of the internet is finite.”

Mr. Weimer said that while Instagram’s account ban was a good first step, it doesn’t address the deeper issue at play: Young users simply want to make money on the platform.

“I think the pandemic has caused a lot of kids to try to make money in any way they can, no matter how scammy,” he said. “They have more time on their phone, they’re at home more often, a lot of kids have lost their part-time jobs.”

“If Instagram really wants to fix this problem,” Mr. Weimer continued, “they need to go from the top down and start paying people who create content so there’s no reason for people to make money in other ways.”



Source link

Exit mobile version