
Facebook, Instagram accounts latest hijack victims, release on ransom


Ruchita Sitlani and Reeva Sitlani, who run an online gift shop for women in Mumbai, had just stepped out for coffee on August 30 when the phone rang. “This is a call from cyber crime department. Your Instagram account has been reported for abuse by 948 people and will be deleted in a day’s time. If you don’t want your account to be suspended, please link your personal email id to the account instead of your official business ID,” said the brusque voice at the other end of the line.
The siblings own the store, Love At First Sight, with 12,000 followers on Instagram and 1000 on Facebook. At about the same time, in Vadodara, Mital Brahmbhatt, who runs The Closet, a women’s clothing store with 1,800 Facebook followers and 31,000 plus followers on Instagram, got a similar call from a person asking her to share the One Time Password (OTP) sent to her phone.
Both calls originated from the same number and the caller made similar threats. “The man claimed to be from cybercrime centre of Mumbai and asked me to share the OTP for verification of our Facebook page with him or else our business pages will be deleted by Facebook and Instagram within 24 hours,” says Brahmbhatt, who did not share any password and cut the call immediately.
Sitlani, on the other hand, caved in. “I was shaking with fear thinking it was a call from Facebook. So, in the heat of the moment, I changed the official email ID of my Instagram account to my personal ID. Within half an hour, that person changed all the details of our page and changed the number and email attached to our page,” she told ET.
Sitlani is the victim of a scam that involves hijacking the Facebook and Instagram accounts of gullible users and demanding payment for their restoration. How does this scam work? There are two ways. One, every Facebook account is linked to an email ID and phone number. By clicking the “Forgot Password” link, the scamster triggers an OTP, which is sent to the account owner.
The scamster then makes a call, pretending to be from the “cybercrime center”, and demands that the OTP be shared. Once the account owner shares the one-time password, the scamster uses it to change the email IDs and phone numbers linked to the account.
The page with all the likes, followers and content now belongs to the scamster. Two, the scamster calls the victim and threatens them into adding a personal email ID, which is more easily hacked than a business email service, to their Instagram and Facebook page. Then, the scamster hacks into the personal email account and takes control of their accounts. This type of attack can be carried out by using a large set of words, such as the date of birth, email address and other details of the person available online, to figure out the email password.
Online tools are easily available for these hacks. ET wrote to Facebook seeking details of any complaints it might have received about such hacks and how it addresses them.
“Protecting people’s personal information is important to us, and that’s why security is built into every Facebook product and design. Our security systems run in the background millions of times per second to help catch threats and remove them,” said a Facebook spokesperson in an email response. Social network users are now turning to cybersecurity firms to help deal with such issues.
When ET, pretending to be a potential buyer of Facebook pages with a sizeable following, called the fraudster’s number, he agreed to sell at prices varying from Rs 350 for a following of 1,000 to Rs 20,000 for a following of 50,000. Further inquiries about his connections with the “cybercrime center” were met with the choicest of abuses in chaste Hindi.
“How does it matter whether I am from cybercrime of any city? I can give 1 million followers by Wednesday. I have many pages with me. Just transfer money to my Paytm account,” he said. Experts say a grievance officer based in India might be able to solve such complex cases faster.