Social media profiles with the blue pimp (verified) are targets for cybercriminalswho seek to seize these accounts to market them.

According to the Dijin of the National Police, in 2020 in Colombia identity theft skyrocketed 409%, and a study by the TransUnion financial information center digital impersonation in the world showed that 149%, while in the country 243%.

In order for the victim to fall, hackers use various methods. The most common is through social engineering attacks (phishing, messages that seem very real) by direct messages or emailswhich usually involve multiple steps.

How does it work? Seeing that the profile is verified, the attacker investigates the potential victim to gather information about her and use this data to bypass security protocols.

In most cases, cybercriminals work to gain the user’s trust and then manipulate it. For example, they can write you a DM on Twitter, with a user who seems to support the app, telling you that an email or a code has just arrived. That’s when you get fake notifications that look real.

For example, there are phishing websites that often look like a Twitter login page, but are not: these messages can include harmful attachments or links to spam sites.

behind everything seek the user to divulge confidential information to violate security policies: They ask for access codes or data that allow them to enter the profile and take over the account. But remember, “Twitter will never ask you to provide your password in an email, direct message, or reply,” the company explains on its corporate blog. And doubt that a support is writing to you directly.

To this is added the advice of the security company Fortinet in a statement: “If the attacker uses social networks to establish a relationship with his target, it will be easier to create the necessary trust to get him to click on malicious links or enter private information. sensitive in an online form”.

These malicious links lead to different types of malware such as viruses, Trojans, spyware (spyware) and ransomware (data hijacking).). Cybercriminals use malware to access devices and networks to steal data and take control of systems, create botnets, cryptojack, or damage systems.