START FREE NOW CONTACT SALES

An entire 9th grade was hacked in a chain attack. Basically, what happened was once the attackers hacked one account they used that account to attack the victim's contact list.


Here is how it happened. Emma and Mia are friends, so when Emma texted Mia that she is on the 2021 Top Ugly List... you can imagine how Mia felt. Mia didn't know that Emma's account was hacked and it wasn't Emma who was texting her, it was the attacker. 

Screen Shot 2021-08-04 at 5.37.33 AM

 

To make it feel more authentic and to get Mia to ask for the link, the fake Emma didn't share the link immediately, instead she wrote that she is also on the list.

 

How an entire 9th grade was hacked  on instagram - Step 2

Mia, is now asking for the link and the fake Emma is happy to send her a phishing link. Mia is so upset that she doesn't think twice and clicks on the fake link. Even though the link isn't the official Instagram site, it still makes sense because it's "Instagram lists" - maybe there is a specific link for lists... 

 

 

How an entire 9th grade was hacked  on instagram - Step 3

At this point, Mia is trying to log in to the fake Instagram login and the attacker is able to steal her user name and password, change her password, and lock Mia out of her account.

 

How an entire 9th grade was hacked  on instagram - Step 4

Now that the attacker has access to Mia's account, the attacker becomes a fake Mia and is using Mia's account to attack her friends. In this case, the attacker is going after Ava. And it kept going like this until the entire grade was hacked.

 

How an entire 9th grade was hacked  on instagram - Step 5

How to AVOID this type of attack

  • Don't Automatically trust anyone, including your friends and family. People get hacked all the time, so you can’t assume that it’s actually your friend that texted or emailed you. If something doesn’t feel right, call and verify.

  • Don’t log in through links anyone shared with you. Instead, manually log in by typing the official URL.
     
  • Use Wizer Free Security Awareness to train your team or family

Full Video

 

Gabriel Friedlander
Written by Gabriel Friedlander

I founded get-wizer.com in early 2019 with a mission to make basic security awareness training free for everyone. Since then Wizer has been rapidly growing with over 3000 organization who signed up for our free training. And in 2020 we partnered with several local counties to offer free Citizen Training. We believe that in this day an age, security awareness should be a basic human skill.