19 August,2018 03:15 PM IST | Mumbai | Jane Borges
Sebetina Reddy was asked to take pictures of the code that Instagram had shared with her, to retrieve her account; the attempt was futile. Pic/Sayyed Sameer Abedi
It's rather easy to sift a fake email, from one that is not. But how impossible would it be to ignore the spam, if its subject line had your password flashing on it? On July 28, media professional Preeti Tandon (name changed), faced a similar conundrum, and therefore, chose to open the mail she received from "Abel Grabbe".
The sender claimed to have installed a malware on one of the adult websites she had visited, and in turn copied all her contacts on Facebook and Gmail, as well as the "inappropriate things" she had engaged in on her web camera. In return, Grabbe demanded she pay him $3,250 (Rs 2.28 lakh) as privacy fee. "Else, he threatened to share these details with my family and friends," Bengaluru-based Tandon said. "But, I hadn't visited any porn site, or used my web camera. The only thing that made this mail seem believable was that this person had my password." Tandon later learnt that she had been the target of a sextortion scam email.
Aashna Jogani's social media accounts were hacked by a spam caller
This month alone has seen a surge in hacking of social media and email accounts across the globe, with a Google Trends search showing a spike in searches for "Instagram hacked" between August 8 and 11. While the incidence rate, most linked to Russian cyber attackers, has one again put the spotlight on how vulnerable online platforms are, victims of hacking, have another grouse - the lack of support from the companies manning these sites.
Trauma of being hacked
The last two weeks have been harrowing for Mumbai-based PR professional Sebetina Reddy, 23, who opened a spam message sent from her friend's ID, on her private Instagram account. "Before I could realise what was happening, someone had changed my account password and hacked it," she recalled. For Reddy, who has been an Instagram user for nearly six years now, the data breach made her feel most vulnerable.
For starters, she no longer has access to the 1,400-odd photographs that she had posted on the platform. Worse, the hacker has been sending private messages to her female friends. "I spent the first few days trying to delete my account, through Instagram. Since the account was linked to an old email ID, which I couldn't remember, it became difficult to retrieve it. The Instagram team shared a code with me on email, and asked me to write it on a sheet of paper, along with my name and username, and take a photo of it with me in it. But, despite doing that thrice, I did not heard from them," she said. After giving up on the platform, she reached out to the Dindoshi Police four days later. The case is currently being investigated by the cyber cell. "Meanwhile, the account continues to remain active," said Reddy.
Several people across the globe have been target of the sextortion scam email
Aashna Jogani, 23, a food blogger and marketing manager, faced similar hassles after someone, who claimed to be from the Facebook team, called her on her mobile number in March last year, and asked her to share a code that was sent on her phone, to prevent her account from being hacked. "I didn't part with the code." However, right after the caller disconnected, she received an email notification, saying her Facebook and Instagram accounts had been accessed through another browser. When she tried to log in, she realised her passwords had been changed. "
The caller called back immediately, saying he would return the accounts, if I transferred money into his online wallet account, but I refused," said Jogani. Mails and calls to social media platforms elicited no response. A month later, with the help of an acquaintance in Facebook, she was able to retrieve her Instagram profile, but her Facebook account was deleted for good and, with it, thousands of memories. Though she registered a complaint with the Colaba Police, the case is still far from being solved.
When contacted, an official spokesperson from Instagram said, "We work hard to provide the Instagram community a safe and secure experience. When we become aware of an account that has been compromised, we shut off access to the account and the people who've been affected are put through a remediation process so they can reset their password and take other necessary steps to secure their accounts."
Get the right support
Vicky Shah, advocate cyber law, data protection and privacy, says that the biggest mistake that hacking victims do, is wait it out. They assume that help will come from the platforms concerned, but they only respond to legitimate requests from law enforcement agencies. Additionally, the quantum of complaints they receive is huge and its impossible to address each one of them, said Shah. "Sometimes they also approach cyber experts for solutions, and the chances of evidences being tampered are high or an approach may be from the technical perspective and not legal," he said.
"I would suggest that they approach the police immediately, as this would not only cut on the time lost, but also speed up the investigation process. From my own experience, at least 95 per cent of the cases are detectable," he says, adding that the investigation could take anywhere between 60 to 700 days. "Regular follow-up is also important," he says. This can prevent collateral damage.
Shah said that another common mistake that users do is to not read the privacy policy of the platforms and configure their security settings. "Generally, hacking of social media accounts is very target oriented. There is mostly personal motive/revenge involved, and the attempt is mostly to malign, misrepresent or defame the identity of someone," said Shah, adding that if hacking communities are involved, it is mostly to highlight the security concern of the said platform. Users need to be more aware of whom they are befriending, and how much they want the world to see of their life, and also, at what cost, said Shah.
How to maintain a secure account?
Inputs by Kanishk Sajnani, information security professional
Catch up on all the latest Mumbai news, crime news, current affairs, and also a complete guide on Mumbai from food to things to do and events across the city here. Also download the new mid-day Android and iOS apps to get latest updates