by Lisa Norman
Let’s face it: the internet is full of killer robots out to make your life as difficult as possible. Scammers and crooks are constantly looking for ways to trick you into giving them money. And let’s not even talk about the nation-state-level hackers.
This is a digitally dangerous time.
I’ve had several clients come to me in a panic because some criminal had hacked their social media accounts. They were desperate to know what to do.
Here’s the twist: none of their accounts had been hacked.
They’d been cloned.
What is cloning?
I gave an example of this when I talked about trolls in a previous post.
Cloning attacks are based on social engineering. If you are a friend or a follower of a specific account, you are more likely to do something that person asks you to do.
As authors, we are on social media in order to influence people and encourage people to buy our books or services. We’re building up our reputations as reliable sources of information. For example, if we say a book is good and that people should go out and read it, hopefully people will!
But what if you learn a new trick with NFTs (Non-fungible tokens) or cryptocurrency? Everyone’s a little confused by those these days. If you step up and say that you know how these things work and you’ve made a ton of money, people are likely to be interested. They’ve learned to trust you. They’re likely to follow your advice. But what if the “you” isn’t you?
And here’s where the problem comes in. No one has to hack your account. They can copy your pictures and look at your public follower list. They can create a fake account, claiming to be you, and then they reach out to your fans and followers with a story about how your old account was hacked and this is your new account. Once they get a few people to become their friends, the damage can spread like ripples, the way everything spreads on the internet.
Before long, the scammer has your followers, and they can now encourage them to embrace a crypto scheme. Your followers lose money, and your reputation is damaged.
How can we prevent cloning?
All we can do is react to it promptly and use the tools available to us to make it as hard as possible for them to clone our accounts.
One important step that you may take on some platforms is to have your account verified. You’ll notice a check mark next to some accounts on various platforms. These are accounts that have gone through an additional screening process to let the platform know they’re the real individual. By necessity, social media platforms don’t make it easy to become verified. Sometimes they involve taking a picture with your driver’s license or other ID and submitting it through a secure form. Some even involve getting something in the mail.
Different platforms have different procedures. Once your followers on a platform begin to grow, consider becoming verified.
What to do if you think you’ve been hacked?
A friend messages you that someone has hacked your account.
Take a deep breath.
How you respond to that first moment of panic is critical. Remember: all is not as it seems on the internet.
Your friend may not even BE your friend. It could be someone masquerading as your friend in order to get you to click a dangerous link.
Do not click on any links in emails or messages. Also, don’t do a search and click on the first link that comes up! Scammers, vile con artists and thieves that they are, absolutely can and do pay for ads to get their scam advice to the top result on search engines. If you need to search for advice, pay close attention to the URL you are visiting.
This is the moment that will determine how much damage is done. You must react quickly, and you must not panic. You must stay calm and focused, checking every link before you go anywhere.
Ask your friend directly (by phone, email, or in person) for details about the message. Where did it come from (Facebook, Twitter, etc.)?
Go directly to the platform (Facebook, TikTok, etc.) and look for the evidence your friend gave that you’d been hacked.
If your friend says, “I got a message on Facebook from you that didn’t sound like you,” look at the history of your recently sent messages. If you can’t find a record of your account sending that message, you haven’t been hacked, you’ve been cloned.
What if your history shows that the message was sent from your account, but it wasn’t you who sent it? Then someone else has been using your account: you’ve been hacked.
I’ve been hacked!
Now, you’re sure.
- Change your password immediately.
- Log out of everywhere the account is logged in. The platform will have tools to do this. Yes, it’ll be a pain. You’ll have to get back in. So will the hacker, and it’ll be harder for them than for you.
- Set your password to something even you won’t be able to remember. Never reuse passwords.
- Figure out how far the damage went and do what you can to repair it. Start with checking your bank accounts and then proceed to checking on your reputation. This is the hardest step.
- Monitor your accounts to make sure the hacker doesn’t try again.
I’ve been cloned!
Cloning requires a different response.
- Do a search on the platform for users with your name. Some names are common, but a clone will use your current avatar or possibly an older one.
- Identify the clone.
- Report the clone using the platform’s tools.
- Have your friend report the clone.
- Look at the friends that are on the clone’s account. Hey, they know who your friends are by checking your account. Check theirs! If you see that any of your friends have fallen prey to the clone, let them know what is going on and encourage them to report the clone. Be careful. Make sure they report the clone and not you.
- If you haven’t already, get your account verified. Note: some platforms won’t deal with clones unless they are attacking a verified account.
Our profession makes us public figures. We need to protect our reputation in any way we can. You can’t prevent cloning; you can only respond well to it.
If you think someone has been hacked, take a moment to check before scaring them. If you discover a clone, report the clone to the social media platform if you can, then let your friend know what you experienced. Remember: it isn’t your friend’s fault if they were cloned. They need to know what is going on, but you don’t want them to feel blamed or threatened.
The most important step is the one that feels less instinctive: that moment of breathing.
Social engineering attacks thrive when you react based on gut instinct. They’ll trick you into even more danger, and if they can, they’ll steal your identity, your money, and your friends. They are greedy, and they are ruthless.
Take a minute and breathe.
Then react calmly and carefully.
Have you been cloned? Have you seen someone else get cloned? What do you think the goal of the attack was?
* * * * * *
Lisa Norman’s passion has been writing since she could hold a pencil. While that is a cliché, she is unique in that her first novel was written on gum wrappers. As a young woman, she learned to program and discovered she has a talent for helping people and computers learn to work together and play nice. When she’s not playing with her daughter, writing, or designing for the web, she can be found wandering the local beaches.
Lisa writes as Deleyna Marr and is the owner of Deleyna’s Dynamic Designs, a web development company focused on helping writers, and Heart Ally Books, an indie publishing firm. She teaches for Lawson Writer’s Academy.
Interested in learning more from Lisa? See her teaching schedule below.
Lead Image by B_A from Pixabay