“My mom’s Twitter account has been hacked. Please don’t put money in these links, it’s a scam,” Oriana Sabatini tweeted, citing another message. Indeed Catherine Volop He lost control of his profile on that social network by one or more hackers.
The message in the Fulop account spoke of a donation drive for children abandoned by their parents. There was a link to Paypal. Of course, it was a hoax, an account for cybercriminals to receive money.
Fulop said in an interview with morning angels.
I also read: They pretended to be Catherine Fulop and staged a Twitter scam
He also realized a mistake that many have unfortunately repeated: “I must confess and blame myself for it I had some very silly passwordsAnd sometimes we have a key to everything, one more thing I did wrong.”
Step by step: This was Katherine Fulop’s hacking
Catherine Fulop called us and She told us she was hacked at that time. They have accessed your Yahoo! his, which is the account he used to recover passwords, and it was the oldest account he had for emails,” he explained to TN Techno Gabriel Zordo, CEO of BTR Consulting, the computer security company that has worked with the Venezuelan.
“Everything was very fast. Friday morning he discovered suspicious activity and confusing situations. At noon we started the investigation. The behavior was erratic. They pretended to be on Instagram, Twitter and Google. Couldn’t tell which connection is real and what’s fake. We determined that he was the victim of a cyber attack. That afternoon/evening we confirmed the intrusion on Twitter. Saturday dawn, we confirmed that they had accessed the Yahoo! account. We began the process of negotiating, containing and implementing protection and emergency measures throughout that day. The specialist explained that “the accounts were retrieved at noon on Sunday.”
Why did this account fall and not others like Facebook and Instagram? The essential detail that no one should miss is the two-step authentication.
“They entered Twitter, as it did not have two-factor authentication. Then they went to Instagram and Facebook, which had the double factor. But Zordo added that SMS text messages and emails started arriving with logos of platforms that were trying to steal from him, with “suspicious access attempt alert” notifications.
parallel They wrote to him via WhatsApp from a supposed cyber security companyWarning that they were trying to hack it and provide their services. Of course, specialists believe that the same gang of cybercriminals can solve the problem for a certain amount, or even worse, gain access to other platforms.
“at that moment, When they betray us, we are all the sameCatherine Fulop or Aunt Berta. “Ordinary people, regardless of their economic ability, level of education or social status, are all in the same place,” Zordo added.
What’s complicated is being able to detect that we’re under attack, and that seemingly formal communication is actually a hoax. “The platforms, due to the scale of the volume, cannot process the claim and seek help in a timely manner,” the computer security specialist explained.
The clues behind a potential hacker gang
“Forensic evidence showed us that it was a similar case to another. The intruder spoke to Catherine and asked her to “help” by the end of the year. We think it was a gang. We ask her to speak with this person. We found out Her passwords were handled on a page From the Deep Web, something that can be easily checked in pwned, a portal that works to find out if our mail or cell phone has been compromised in a leak.
“We believe this Yahoo password was leaked and they bought it there,” the specialist said. In the case of Catherine She had very trivial and easy passwords. And also a perennial, which has not been replenished for a long time. He added that this enabled criminals to establish a pattern to take control of its oldest Yahoo! account. , which was used for the “forgot password, recover it” process.
“I contacted the scammers, they were blackmailing me on the phone and kept sending me messages. They asked me for a lot of money, and they earn in pesos $900 of Bitcoin to recover Twitter data, because they still don’t have my Instagram account. “They called me on my cell phone from three or four phone numbers, one in Rosario, one in Cordoba, one in the Dominican Republic, and also phones as if they were from the United States,” the Venezuelan actress said.
“This person, after being in control, had time to manage Yahoo’s security settings. When we went to Instagram and asked for the security code on Fulop’s phone, he in the email account took out the recovery account and put his own. He had enough time up front to manage everything. Prepare the ground for the attack to be more efficientleftist said.
I also read: A hacker sent me an ID photo and told me how they stole WhatsApp and Instagram accounts with “social engineering”
However, experts could not confirm whether the person was isolated or a gang. “We think it’s a band pretending to be a person. They realize this from a message they’ve already seen repeated over and over again. ‘I’m Gisniel, I don’t want to do anything wrong,'” the alleged hacker wrote, who then asks for ‘collaboration.’ It’s a way of appearing less More like a criminal gang and more like someone who needs money for something specific,” they told the cybersecurity firm. TN Techno.
Recover account and passwords to avoid hacking
It is not easy to “win” the cybercriminal to prevent damage once it has occurred.
“We ask her to talk to the intruder to entertain him. And while we did Instagram, Facebook and Twitter “unplug” the Yahoo! , the recovery option is no longer when you click “forgot password” and put a new one. The truth is We take advantage of Kathy’s acting skills to keep him busy As we work from behind,” Zordo explained how they were able to recover the Venezuelan’s profile.
Specialists – and good hackers too – never tire of emphasizing the most important thing: avoid simple passwords, such as 123456, pet or spouse names, football club. “In general, it is data related to the things that people post on social networks. “We have identified in studies that users often build passwords with personal information disclosed on social networks,” said CEO of BTR Consulting.
Another important detail, which is what prevented Fulop from stealing other accounts, is Two-factor authentication, available on WhatsApp, on Google, on social networks and platforms. The specifics are that for other types of scams it is not convenient that the second authentication method, added to the password, is an SMS.
“Double factor can be received by SMS, but that assumes we control our streak. The difficulty is that at the end of the year we counted 235 different forms of digital fraud, one of which is SIM replacement, especially our quest for full access to the mobile device and in the same movement to prevent double-factor authentication. ‘, Zurdo detailed. This is also related to what a young hacker from Mendoza said recently TN TechnoMethods of cloning phone lines to steal WhatsApp accounts and social networks.
A key detail of Zurdo is mistrust and caution: “We should be suspicious of the messages that reach us, by mail or through social networks. Many of the messages appear to be original but are actually well-planned hoaxes. Must Be careful what we share on social networks, and even on WhatsApp, today it is also understood as a social network.”
Lifelong foodaholic. Professional twitter expert. Organizer. Award-winning internet geek. Coffee advocate.