An entire 9th grade was hacked in a chain attack. Basically, what happened was once the attackers hacked one account they used that account to attack the victim's contact list.
Here is how it happened. Emma and Mia are friends, so when Emma texted Mia that she is on the 2021 Top Ugly List... you can imagine how Mia felt. Mia didn't know that Emma's account was hacked and it wasn't Emma who was texting her, it was the attacker.
To make it feel more authentic and to get Mia to ask for the link, the fake Emma didn't share the link immediately, instead she wrote that she is also on the list.
Mia, is now asking for the link and the fake Emma is happy to send her a phishing link. Mia is so upset that she doesn't think twice and clicks on the fake link. Even though the link isn't the official Instagram site, it still makes sense because it's "Instagram lists" - maybe there is a specific link for lists...
At this point, Mia is trying to log in to the fake Instagram login and the attacker is able to steal her user name and password, change her password, and lock Mia out of her account.
Now that the attacker has access to Mia's account, the attacker becomes a fake Mia and is using Mia's account to attack her friends. In this case, the attacker is going after Ava. And it kept going like this until the entire grade was hacked.
How to AVOID this type of attack
- Don't Automatically trust anyone, including your friends and family. People get hacked all the time, so you can’t assume that it’s actually your friend that texted or emailed you. If something doesn’t feel right, call and verify.
- Don’t log in through links anyone shared with you. Instead, manually log in by typing the official URL.
- Use Wizer Free Security Awareness to train your team or family