Category Archives: Blog

Influencer Accounts Being Stolen

Hackers are Stealing Top Instagram Accounts

By: Taylor Lorenz, The Atlantic

In early October, a publicist received an irresistible message via email. The publicist’s client is a top “influencer”—someone who leverages a social-media following to exert influence and, usually, make money, often by selling sponsored posts. “We would be extremely interested in a business partnership,” a man calling himself “Joshua Brooks,” wrote. His pitch was eye-popping: He was offering “80 Thousand US Dollars” for a single picture. Yes, Influencer Accounts Being Stolen by Hackers.

The publicist hastily agreed. Brooks, who claimed to have worked with other internet stars including Bella Thorne, Amanda Cerny, and Jake Paul, said that to get started, the influencer would simply need to log in to a third-party Instagram analytics tool, Iconosquare—a common request; many brands use tools such as Iconosquare to track the success of their influencer campaigns.

But the link Brooks sent wasn’t to—it was to, a cloned version of the site set up for phishing. Once the influencer logged in with the Instagram username and password, Brooks seized control of the account. Within minutes, he was spamming the influencer’s millions of followers with offers for a free iPhone.

Brooks has targeted several YouTubers, Instagram stars, and meme pages and used the stolen pages to promote scammy-looking apps and fake offers for free products. In the past month alone, he has seized @Fact, with 7.2 million followers; @Chorus, with 10.1 million; and @SnoopSlimes, with 1.9 million. After the accounts are seized, the hackers update the account’s bio to say “managed by SCL Media” and begin reaching out to brands via direct message, telling them to negotiate sponsored-content deals with SCL, not with the previous account holder, going forward.

According to its website, SCL Media is “a tech-media company building content brands for multicultural and niche audiences.” Its website lists clients including Netflix, Microsoft, and Comedy Central. But representatives from all three companies said they have no affiliation with SCL Media, nor have they worked with the company in the past.

Read: Stealing Social Media

The influencer-marketing industry has exploded over the past several years. According to a 2017 study by Influencer Marketing Hub, 420 new influencer-marketing agencies opened in 2017 alone, more than double the amount that opened in 2015. “We’ve seen the industry go from a rising marketing tactic to an essential part of most marketing budgets,” one executive wrote in Adweek. Analysts estimate it’s currently worth more than $2 billion and could reach up to $10 billion by 2020.

But this very lucrative, very new market still lacks critical infrastructure. There’s no standard method of communication, no formalized negotiation process, and, often, no paperwork. Rates can range widely from brand to brand and are often hashed out entirely via direct message. And because sponsored-content deals typically happen beyond Instagram’s official advertising mechanisms, the company is all but powerless to stop scams.

Eric Toda, the head of marketing at Hill City, a Gap brand, said that the influencer industry right now is like the Wild West. “You see a lot of people selling snake oil,” he said, “because the market is so saturated.”

Influencers as young as 13 are entering into brand deals with zero experience in negotiating high-value business partnerships. It’s all too easy for a scammer to entice them with the promise of a big paycheck, then hack their accounts or escape without paying. “It’s an underground world, and what a lot of people are doing is representing themselves as Insta experts when they’re hackers and scammers,” explained Lisa Navarro, the founder of Espire, a digital marketing agency that works with influencers. “They’re stealing accounts from children.”

Ruvim Achapovskiy, the founder of Social Bomb, a social-marketing agency in Seattle, said he’s seen branded-content scams increase sharply over the past year. They’ve also gotten more sophisticated. Hackers sometimes create their own fake brands to phish influencers, but often they pretend to be representatives from real companies. “They’ll set up some sort of username that’s something that seems like it would be legit, like @LuluLemonAmbassadors,” Achapovskiy said. “They’ll use all the company logos, make it seem as legit as possible, make the bio seem normal, use the company’s mission statement. It’s super simple.”

Once hackers gain control of an influencer’s account, said Moritz von Contzen, the founder of the Dutch social-media agency Avenik, they’ll often hop into the account’s direct messages and begin spamming other influencers with the same phishing links, before the hacked influencer even knows what’s happening.

Von Contzen said he sees this scam play out over and over again. He even fell for it once.

A year and a half ago, von Contzen was running a luxury-lifestyle-themed Instagram account with nearly 300,000 followers when someone reached out about a collaboration opportunity with several brands, some of which were well known for reaching out to influencers directly. “I was super young and inexperienced, so I was really excited,” von Contzen said. He logged in to the Instagram analytics tool the “brand representative” had provided. “It all looked legit. But as soon as I logged in and gave my password, I went back into my Instagram and bam—my Instagram was gone, and that was that.”

For young influencers with no direct contacts at Instagram or Facebook, it can be nearly impossible to retrieve a stolen account. Hackers will change the contact email address and phone number, and reset the username so the account is impossible to find. Then they’ll run ads on it until they can sell the whole page off for a large price, sometimes for more than $100,000.

Faisal Shafique, a college student who Instagrams under the handle @Fact, said he earns roughly $300,000 a year from posting sponsored content for brands like TikTok and Fashion Nova. When Brooks seized control of his account several weeks ago, it put those brand deals in jeopardy, potentially costing Shafique his livelihood. Shafique was able to retrieve his account before it was sold off, but he estimates that he would have lost a half a million-dollar property if he hadn’t.

Rachel Taton wasn’t so lucky. She began posting to an account called @BestScenes five years ago. By 2014, it had grown to become one of the largest meme pages on Instagram. Two years ago, she lost it to a hacker. Brooks’s particular scheme hadn’t taken hold yet, but she thinks someone obtained her password through other means. Throughout the years, she’s watched helplessly as her old account has changed owners, changed names, and run sponsored content for major brands. It’s now operating under the handle @FunStuff with 1.3 million followers.

“I realized how fast everything could be taken away from me,” Taton said. Shortly after her account was stolen, she quit the influencer game. “I realized that my priority should be focusing on a real job, something that can’t be taken away from me,” she said.

All the influencers I spoke to said brands have a responsibility to be more diligent about who they work with. Greg owns a network of Instagram pages with 50 million followers and asked to be referred to by a pseudonym to protect his clients. He said he’s seen several campaigns from mainstream brands running on pages that he knows to be stolen.

But, he added, the brands themselves likely don’t realize this. Many rely on third-party media-buying or advertising agencies to negotiate the terms of sponsored-content deals across the whole Instagram market. Sometimes a brand will vet particular pages, but Toda said that happens “very rarely.”

Stealing Social Media

A look at how it can happen.

Some employees have direct access to the corporate social media platforms, giving them the power to rename social media channels or post whatever they like. Say a former employee moves to competitive business, changes the name of the original social media channel, and immediately starts contacting the fans and followers on behalf of the new company. This happens all the time. It’s called Stealing Social Media.

The need for good contracts and agreements between employers and employees when it comes to social media is paramount. In addition, systems need to be in place to prevent this from happening.

This includes securing all passwords and changing them immediately prior to terminating an employee with passwords, as well as a strict copyright and ownership clause in the contract.

Analysts need to erase their digital footprints

When we talk about the work of gathering intelligence, most people conjure the image of a James Bond-esque spy, infiltrating an enemy organization under an assumed identity. But there’s another kind of intelligence gathering, just as important to commercial, military, diplomatic and political operations: open-source intelligence, or OSINT for short. OSINT is gathered from publicly available information sources like the news, government documents, and social media reports, among others. But in order to be effective, OSINT analysts have to be just as careful about concealing their online identities as clandestine operatives.

Online surveillance is just as prevalent and often more subtle than real-world surveillance. If the OSINT analyst doesn’t cover their tracks, it’s fairly easy for someone with the resources of a nation’s intelligence agency, or even a large corporation, to track down the identity of that analyst as they dig for information. The analyst must wipe away their digital fingerprints, so to speak.

“The digital fingerprint is pretty comprehensive, and there are a lot of things that can go into it. At its most basic level, a digital fingerprint includes information about your hardware and software profile, your network, your location, timezone, etc.,” says Nick Espinoza, head of technical solutions at Authentic8. “These are the sorts of things that the analyst needs to change or obfuscate, so he or she can collect information without tipping their hand. And not only that, humans are creatures of habit. So targets can begin to discern, based on your browsing patterns, what sort of demographic you might fall into in terms of age, income, spontaneity, general interests and so on. And in the intelligence space, whether it’s on the corporate or public sector side of things, having that level of detail on a user’s behavior, hardware, software profile, and everything else are absolutely detrimental.”

Because those fingerprints could potentially identify an OSINT analyst as working for a competitor or a government employee, an adversary could lock down previously available avenues of information.

That’s why OSINT analysts need a high level of training in the tools required to conceal their digital identities when gathering intelligence. VPNs, proxies and virtual machines are some of the more commonly known tools, but Espinoza says those only go so far. What’s far more effective, says Espinoza, is a remote browser platform like Authentic8’s Silo.

“Our company provides a web isolation platform with managed attribution. Essentially, managed attribution obfuscates who you are, what you do, and what you’re looking for. A combination of technology and tradecraft need to go hand in hand to enable an analyst to accomplish the mission safely and securely, without compromise,” Espinoza says. “We’ve architected our system to incorporate a lot of tradecraft and to minimize the signals that might indicate someone atypical is looking for a particular subset of information on, let’s say, a hacker forum, or a ship spotting blog, etc. Our goal is to enable better tradecraft and skillsets while reducing the digital signature of these analysts as they go about their job.”


Navigating Social Media After a Catastrophe

After the attacks on London bridge, Londoners rallied on Twitter using the hashtag #SofaForLondon, offering their sofas, and spare rooms to residents without homes.

During Hurricane Harvey, hashtags like #sosHarvey were used to call for civilian helpers when phone lines were down.

The world turned to social media to grieve, lend a hand and show support.

As a business owner, how should you post following a calamity? A genuine express for sympathy for those affected by the tragedy is one thing, but you do not want to be viewed as yet another company joining in just to improve one’s corporate image.

Here are some of the do’s and don’ts of responding on social media to a disaster.

What should you say?

“If the company isn’t directly involved, and the disaster is being covered by every media outlet, the best thing to do [may be] not to post anything,” said Brian McDonough, an associate at Evergreen Partners PR & Crisis Communication.

The No.1 reason not to post on your social media platforms is if it is in any way disingenuous or a ploy to market your business – for example, Cinnabon’s tweet after the death of Carrie Fisher in 2016.

“Don’t feel compelled to respond,” said McDonough. “To be received well, the company’s message must be genuinely empathetic and free of any political or promotional statements.”

“If [your] company is directly involved or has the resources to help, then you absolutely need to post something,” McDonough said. “It provides the public with some sense of comfort to know the company is aware of [the situation] and [is] responding to [it].”

“Every situation is different, and addressing the nuances of the tragedy is key to a successful communication strategy,” said McDonough.

“There should be an internal process in place [on how] to interact with social media on highly sensitive issues as they’re breaking,” said Chris Dessi, vice president of sales at PerformLine Inc.

“Step out of the marketing voice,” Dessi said. “Be a megaphone from the core of the brand.”

“Take time to really think about the message you want to put out,” said Massiel Bradberry, owner of Living Better Lives Counseling. “Don’t rush to post something just to be the first one. This is an opportunity to connect with your clientele at a time of vulnerability.”

“If you’re going to talk the talk, walk the walk,” said Maria Vorovich, co-founder of GoodQues. “Showing support is great if your consumers or brand are directly impacted. If your company is moved by the event and wants to raise awareness, [it] should expect to do more than just post on social media.”

“Consumers notice [brands that post] within the week of a hurricane,” said Vorovich.

Further, keeping your automated post schedule can make your company appear ignorant or out of touch, said McDonough.

“If every TV channel is covering a disaster, and your company is posting sale advertisements, or if a company tweets out condolences and 10 minutes later posts information about a weekend sale, that’s a problem,” he said. “In the eyes of the public, the company is trying to act like it’s business as usual when it’s not.”

“After a trauma, people need to feel safe and supported, so any social media posts should keep that in mind,” said Aimee Daramus, Psy.D, a licensed clinical psychologist at Urban Balance. “[Businesses] can post messages of support and solidarity or useful tips, such as hotlines, shelters, blocked roads or flooded areas. In other words, be an active, helpful part of the community.”

Source: Kiely Kuligowski and Elizabeth Palermo of Business News Daily

Even the royals need social media intelligence

Duchess of Sussex Meghan Markle has been taking heat through social media since her relationship with Prince Harry went public in 2016. Things were so bad that the prince ended up issuing an official statement condemning the “wave of abuse and harassment” she experienced.

Markle apparently isn’t the only member of the Royal Family who gets hounded by trolls online, either. Duchess of Cambridge Kate Middleton is also a target for trolls.

The strange thing is neither of them even use a personal social media account. Instead, they share updates through official royal platforms that have millions of followers.

Everything posted on official royal platforms receives hundreds of comments. And, as you might expect, many of them are from trolls trying to cause trouble.

Well, the Royal Family has finally had enough. They just published guidelines for interacting with royal social media channels.

The guidelines were made to help create a safe environment on all social media channels run by The Royal Family, Clarence House, and Kensington Palace.

Anyone engaging with its social media channels is asked to show courtesy, kindness, and respect for all other members of the social media communities.

Comments must not:

  • Contain spam, be defamatory of any person, deceive others, be obscene, offensive, threatening, abusive, hateful, inflammatory or promote sexually explicit material or violence.
  • Promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.
  • Breach any of the terms of any of the social media platforms themselves.
  • Be off-topic, irrelevant or unintelligible.
  • Contain any advertising or promote any services.

Those are some pretty lofty goals, wouldn’t you say? It’ll be interesting to see if it works.

If people don’t follow the rules the guidelines say, “We reserve the right to hide or delete comments made on our channels, as well as block users who do not follow these guidelines.”

However, getting blocked isn’t the worst thing that could happen to violators. They might wind up in the pokey.

It says, “We also reserve the right to send any comments we deem appropriate to law enforcement authorities for investigation as we feel necessary or is required by law.” Now that’s some strict enforcement.




Written by:

Mark Jones



The Fight that is Waging in Social Media

The importance of social media intelligence doesn’t lie in the business world only, the government deployed a new division in the fight that is waging in Social Media.

“We need to develop our asymmetric edge and bring focus to the orchestration of intelligence, information operations, cyber, electronic warfare and unconventional warfare,” Lieutenant General Ivan Jones, the commander of Britain’s field army, said as he announced the formation of a cyber warfare unit to fight “above and below the threshold of conventional conflict.”

The U.K.’s new special cyber operations unit, 6 Division (6 Div), will move beyond the typical cyber capabilities within the military sphere into full-blown social media “information warfare.” And here the primary adversary is Russia, which has turned the dark art of peddling fake news and political propaganda across major social media platforms into a national security strategy.

Much of the work of the new unit will be relatively traditional signals activities—jamming and intercepting enemy comms, supporting the field world of allied intelligence agencies. But as a sign of the times, the new unit also has an offensive and defensive propaganda remit—taking the social media fight to Russia as well as the various state-sponsored terrorist groups using those platforms to stir unrest and interfere in the workings of the West.

Philip Ingram—a defense analyst after years with British Military Intelligence—told me “this is the first step in the British Army recognizing and countering how the information sphere can be and is weaponized. It is critical that this is addressed at the defense level as well and coordinated with our NATO allies and in particular the U.S.”

Ingram met General Jones a day before the new division was announced, and was told that “this is a journey for the Army, starting with small adaptive steps enabling a better cycle of rebalancing for the future as threats evolve and develop.”

As I’ve written before, cyber warfare more broadly has reached a new phase this year, with increased levels of integration between the physical and cyber domains. The catalyst has been the Middle East, with escalating tensions between the U.S. (and its allies) and Iran—but the real battle has pitched the U.S. and those allies against Russia and China. “When people ask what keeps me up at night,” the director of the U.S. Defense Intelligence Agency said recently, “that is kind of the thing that keeps me up at night.”

Until now, most of the headline activity in the West has been around countering such threats, be that election interference, the stirring of popular unrest, or the peddling of a pro-Russia agenda. But the new group will go further, turning defense into attack, and Russia is as susceptible to information warfare as anyone else—and its spheres of influence in Eastern Europe and Central Asia are even more so.

The new cyber division within the British Army will pull recruits from existing special forces units, where there are strong cyber skills already in place. It will combine resources from existing units—including the 1st and 11th Signal Brigades and the 1st Intelligence Surveillance and Reconnaissance Brigade. There is a mix of special forces and intelligence resources applied to the offensive cyber capabilities we read about in the press—the two work hand in hand. But 6 Div will also widen its net, looking for a new generation of social media skills. This is as close as we have seen in the West outside the intelligence and private contractor domain to the government-run hacking groups seen in Russia and China, as well as Iran and North Korea.

“The character of warfare continues to change,” General Jones explained, “as the boundaries between conventional and unconventional warfare become increasingly blurred—we must create a campaign mind-set—our posture must move from reactive to proactive and our approach from passive to assertive.”

Those boundaries becoming blurred is the major change we have seen this year. Cyberwarfare has become an interchangeable battlefield tool—an attack in one domain and retaliation in another. And cyber warfare itself is multidimensional, with the mix of offensive and defensive capabilities with state-sponsored attacks on civilian targets.

This all sits within the broader sphere of hybrid warfare in which Russia takes the lead. The country has extended and consolidated its economic and military spheres of influence to exploit the weaknesses inherent in open societies. And, as I’ve written before, the media plays its part. Special forces and intelligence leaders will express their exasperation at the predictability of the western media response to events and how this is deliberately fueled by Russia’s strategists. The thirst for the drip-drip of ever new headlines—how those will play, how to keep it alive, the impact it will have.

Media manipulation links to the population interference that takes place through the abuse of social media platforms. And this is the latest evolution in the West—taking that fight to Moscow.

This year, 2019, has marked a turning point for Western military strategic planning. And when the history books are written, the conflict in the Gulf will be highlighted—the catalyst for more open cyber warfare than has been seen before—as will our belated coming to terms with the extent of social media’s patsy role in facilitating Russian interference in elections and campaigning. This latest news builds on a similar focus in the U.S., where we have seen the increased profile of Cyber Command in the military domain and the announcement of a cyber unit within NSA in the intelligence domain.

“The rebalancing, within current assets, is a very necessary start emphasizing the importance of capabilities that were closely held before,” Ingram said in writing up his meeting with General Jones. There is a legitimization here of these new capabilities, “grouping them into a formation with an identity and history puts them on the same footing as other elements an is the first win in a psychological and information battle to recognize their value.”

What’s as interesting is the West’s own use of the mainstream and social media to ensure that Russia and its proxies don’t have it all their own way. We have always seen that battle for hearts and minds in the physical sphere. What we’ve started to see with news of cyberattacks on energy grids in Russia and command and control networks in Iran is the beginnings of the same in cyber.

“State and non-state actors are continually seeking to gain an advantage in the grey zone that exists below the threshold of conventional conflict,” as General Jones put it. And so, moving forward, you can expect much more of the same.

“This restructuring is not the answer to everything,” Ingram said, “and nor will or can it meet all current threats, but it is the first step in a journey and that first step gives a series of capabilities—and for the new division with psychological warfare in its structure, that rebranding is important in influencing future Army force development.”

Zak Doffman

Founder/CEO of Digital Barriers

  • Sign up
Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.
We do not share your personal details with anyone.