Brazil Lives a Cyberattack Epidemic

Ronaldo Lemos’ weekly column in the Folha de São Paulo newspaper

published in

19 de November de 2020


{{ its_tabs[single_menu_active] }}


One of the reasons behind this epidemic is the rise in social media usage during the pandemic

The Covid-19 crisis accelerated, out of need, the digital transformation of several processes. Yet, it also increased another issue. There’s a true epidemic of cyberattacks happening on platforms such as Whatsapp and Instagram.

One of the reasons behind this rise is the increase in usage of digital platforms. During the pandemic, Whatsapp saw a 40% increase in usage, according to data by the Kantar consultancy firm. In some places such as Spain, usage rose by 76%.

Among users aged 18 – 34, there was a 40% increase in usage of Facebook and Instagram.

Since people are spending more time online, without the safety protocols that enterprise networks provide in their offices, the “scope” for cyberattacks increased dramatically. In fact, you probably know somebody that had their Whatsapp account hacked recently.

There are different ways to execute this cyberattack. One of the methods takes advantage of a failure in Whatsapp Web, sending a false contact to the user. To solve this issue, it’s simple: update immediately your Whatsapp.

Another attack is when the scammer makes use of “social engineering” — that is, the infamous human failure. With a hacked Whatsapp or Facebook account or via messages sent to the victim’s phone number, the scammer pretends to be a friend that needs help. They say they are having issues to receive a code on their phone, and then ask the victim if they can send them the code.

The scammer then asks Whatsapp to send a verification code to the victim, who thinks they are speaking with someone of trust and ends up sending them the code. Then, the cybercriminal uses it to access the victim’s account.

Then, the scammer checks out their most frequently contacted users and sends messages asking for money or trying to hack even more accounts. It is quite a rudimentary cyberattack, yet proven to be effective.

Another similar cyberattack has been happening on Instagram, targeting verified accounts (those with a blue seal). Many Brazilian celebrities have fallen victim to this scam in the past weeks.

The cybercriminal uses a hacked verified account to change their name to “Instagram Support”. Then, they send a message to other accounts (verified or not) saying they have an offer to verify their account or even a process to renew the verified seal. Since the hacker has a verified seal, they manage to convince people to click on the link. They then use the victim’s personal info to take control of their account.

There are lessons to be learned from these cases. First, always activate two-step authentication on all your accounts. If a third factor is available (such as the PIN on Whatsapp), activate it too. Also, keep in mind that on the internet no “general identity verification system” exists. Thus, you can’t trust anything.

Even if somebody that contacts you has a blue seal or is a verified account, be suspicious.


It’s gone: not worrying about cybersecurity

Now in: the Brazilian General Data Protection Law, which establishes safety protocols on data

Coming up: A cyberattack epidemic and the need for people and businesses to be prepared

{{ pessoas.pessoaActive.title }}