Right-wing influencers suffer wave of hacking on Instagram

A dozen prominent voices on the Brazilian right have been under attack from hackers on social media, especially Instagram. Many of these people have two-factor authentication suggested by the network for more security, which has not been proven in practice. With the invasion of accounts, scammers are targeting millions of followers in an attempt to extract financial amounts.

Journalist and columnist for Gazeta do Povo Cristina Graeml was one of the victims. She has more than 400k followers on Instagram alone. According to the journalist, many people fell into the financial scam. “There are dozens of right-wing influencers who had their accounts hacked. Many of my followers fell for the scam, thinking I was selling quick-win financial products. I already called the police and filed a police report,” she shares.

For digital crime expert Wanderson Castilho, the number of attacks has grown and attention is needed. “I worked on more than 5,000 cases of hacking of Instagram worldwide, but this has intensified in the niche of prominent right-wing voices. That got my attention. In the last two weeks there has been an explosion. The objective is always to extort, using the image of the person”, he says.

You hackers they look for people with credibility to use their image and sell false products or financial pyramids. According to Castilho, some of the scams don’t just want financial advantage, but also tarnish the victim’s reputation. He points out that the two-factor verification created by Instagram is not enough to stop scammers. “People are having their telephone lines invaded and in many cases portability is carried out. With that, the hacker manages to access the victim’s SMS and circumvent the two-factor authentication, being able to browse freely on social networks”, he points out.

Marco Antonio Costa, founder of Fio Diário and political commentator, also suffered from the attacks. In his case, the impact was less, lasting a few hours, because Marco had the contact of a cybersecurity specialist. Even so, he did not get rid of the portability of the line. “It’s bizarre to think how many people around me have suffered from these attacks. That’s why I already had someone’s contact if I needed it”.

already the economist Bruno Mussa not so lucky. The disappearance of his phone signal, at first, was not enough for him to suspect something. “I lost three days trying to solve the damage caused by the hackers. They migrated my operator account and I couldn’t undo the portability because they had already changed my CPF”, he says.

Mussa also claims that at least five people fell into the financial scam caused by the scam on his account, totaling more than R$ 10,000. The economist has 60,000 followers on Instagram. In this way, in addition to the financial loss, Mussa had his credibility put in check, considering that he uses the networks precisely to suggest financial investments, but very different from those offered by the scammers.

“What makes me strange is that people fall for this type of scam. This is exactly the opposite of what I pass on to my followers on a daily basis”, completes the economist.

Finally, Castilho warns Instagram users that not even two-factor authentication can protect 100% of intrusions from hackers. So he left some tips to make the social network safer.

• In two-factor authentication, do not set SMS as an option. Choose a third-party authentication app like Google Authenticator.
• There is a third safety factor that few people know about: a list of random codes available in your Instagram account security settings. It’s worth accessing.

Companies respond to cyber attacks hackers

In a note, the National Union of Telephone and Mobile, Cellular and Personal Service Companies (Conexis) said it was working on new security technologies for its customers, but added that it cannot disclose this information. Regarding the portability process, the union claimed that it is also improving the system. “To make portability more secure, confirmation of line migration will be required via SMS, which must be answered within 30 minutes. The change began to take effect for DDD 64 (Goiás and regions) and will be gradually expanded to other states”.

Instagram, on the other hand, highlighted the security of two-factor authentication and its reporting channel, to prevent attacks from hackers. “We encourage people to make use of available security tools and encourage them to report any suspicious activity that they believe violates our Community Guidelines, such as scam or fraud, through the app itself.”