Hackers Are Using An Effective Way to Spread Fake News From Verified Accounts

| June 17, 2017

Social media networks are no doubt a quick and powerful way to share information and ideas, but not everything shared on Facebook or Twitter is true.

Misinformation, or “Fake News,” has emerged as a primary issue for social media platforms, seeking to influence millions of people with wrong propaganda and falsehoods.

In past years, we have seen how political parties and other groups have used spoofed social media profiles of influencers or leaders to spread misinformation, and most of the time such techniques work to successfully convince people into believing that the information is true.

Although social media services like Facebook, Twitter, and Google, offers account verification (verified accounts with blue tick) for public figures, we have seen hackers hijacking verified accounts to spread fake news from legitimate account to their millions of followers.Now, researchers have uncovered a new, cunning attack technique currently being used by hackers to take over verified Twitter accounts and rename them to influential people in order to spread fake news.

Dubbed DoubleSwitch, the attack begins with a simple account takeover, but then the hackers change the username and display name with the one having a large influence on social media.

According to a new report from digital rights group Access Now, hackers are targeting Twitter accounts of journalists, activists, and human rights defenders in Venezuela, Bahrain, and Myanmar, some of them were verified with a large number of followers.

This attack was discovered when two journalists — Milagros Socorro and Miguel Pizarro, a member of Venezuela’s parliament — were hacked and then renamed.

What’s creepy? The hacker then registered a new account, resembling with their original profiles, under the original usernames (Twitter handles), but using the attacker’s controlled email addresses.

This means, every time victims try to recover their accounts using regular password reset option, the confirmation emails will be sent to the hijacker, who pretends that the issue has been resolved, making it almost impossible for the victims to recover their account.

Hackers then use hijacked verified accounts, but renamed to another influence, to feed fake news to the millions of followers of the original accounts.While it’s unclear how the hackers managed to hijack the verified users at the first place, it is believed that the attack begins with malware or phishing attacks.

Category: hacking

About admin: View author profile.

Comments are closed.