Criminals using compromised social media accounts to “post indecent images of children” says UK cybercrime organization

Action Fraud, the UK’s national reporting center for fraud and cybercrime, is warning of a very disturbing scam involving social media and “indecent images of children.” Details are light, but social media fans should take this as a warning to lock down their accounts immediately.

https://twitter.com/actionfrauduk/status/1552562651741519872

Based on multiple reports received, social media accounts are being “hacked and flooded with indecent images of children.” These attacks have been increasing month on month since January 2022, with 60 reports received in 2022. While the number isn’t enormous, the damage caused by just one such attack could have serious consequences for both viewer and account holder.

How does the attack take shape?

Accounts are hijacked and then used to post both images and video of indecent content containing children. Sadly, there is no mention of which platforms this content is being uploaded to. This makes giving platform-specific advice tricky.

There appears to be no financial motive to the attacks. Affected accounts are not held to any kind of ransom, nor does the attacker attempt to contact the victim by, for example, sending emails to the registered email account. They simply steal accounts and begin posting.

It’s possible some of the hijacked accounts aren’t used very often or even abandoned. The first time that the majority of victims reportedly learned about this criminal activity was when they received a “Your account has been suspended” notification.

Warding off the threat of illegal material

Nobody wants to see damaging content on their computer. You definitely don’t want bits and pieces of it being fanned out to several locations on your PC like temporary storage, caches, download folders, and so on.

Seeing such content can be incredibly traumatic and could also put you at legal risk in jurisdictions where viewing and storing such content is considered a crime—not just making or sharing such content. Considering the firehose that is social media, it doesn’t take much for a compromised account to begin spamming this material far and wide.

Action Fraud has released the following tips:

  • If you come across indecent images of children online, report it to the police by calling 101 or visiting your local police station. You should take with you the device you were using when you came across the images.
  • Do not, under any circumstances, screenshot, save or share the image. You will not be required to share the images with the police when making a report.
  • Use 2-step verification (2SV, also known as 2FA or MFA) to protect your social media accounts. 2SV can keep people from gaining access to your accounts, even if they know your password.
  • Ensure your social media accounts use a strong and different password to your other accounts. Combining three random words that each mean something to you is a great way to create a password that is easy to remember but hard to crack.
  • Victims of account hacking should not pay any ransoms, whether it is monetary or in the form of a ‘testimony’ video.

This is one of the more extreme reasons to secure a social media account, and reported numbers of this happening are low. The caveat: reports might be low because people don’t want to get into trouble. Taking some time to lock down your accounts is definitely a good thing. If you’ve ever thought “Why bother, what’s the worst that could happen,” well: watching your social media account sending illegal content to friends, co-workers, and family is probably somewhere near the top as an answer.

https://blog.malwarebytes.com/feed/