Over the weekend, we had a client whose daughter’s social media accounts were hijacked by a malicious actor. Initially, our client thought the phone had been breached. However, after several calls with them, it became apparent that it was the credentials for her email account that had been compromised: they had been part of a third-party data breach some years ago, and she hadn’t changed her password. Multi-factor authentication (MFA) wasn’t enabled, and the malicious actor changed the email address associated with the account. Luckily, we were able to get the Instagram account back within a few hours of compromise; the Facebook account took a little longer, but we managed to regain control of that as well. However, the incident does raise the question of what to look out for from a mobile device compromise point of view. Gurpreet Thathy gives his thoughts on the experience of mobile device compromise.
- Persistent Pop-Ups: If you notice pop-ups suddenly appear on your phone, that could be a sign of hacking. It might be a sign that your phone has been hit with adware—a malicious app that hackers use to generate revenue by distributing ads without the user’s consent. Furthermore, those ads might be malicious in nature as well. They might take you to pages designed to steal personal information.
- Data must go somewhere: When a mobile device is compromised, your data is For the data to be viewed by the malicious actor, it must go somewhere, or at least a connection needs to be made to the malicious actor; therefore, data connections will be used heavily. These days, data plans are large or, in some cases, unlimited; however, always look at your bill to see if there is a spike in usage.
- Battery Life: With smartphones constantly sending/receiving data even when idle, battery life is a nightmare. They are a lot better now; however, if the device is compromised, the malicious actor will constantly send and receive data; therefore, the handset’s battery will be depleted much quicker. Always keep an eye on this.
- Bluetooth/Wi-Fi: Always monitor Bluetooth and Wi-Fi connections; switch them off when you’re not using them.
These points in isolation don’t confirm that your phone has been compromised, but they are a good indication that something is not right. If you think your phone has been hacked, you can install and run online protection software. Also, delete any apps (texts) you didn’t download and then run your mobile security software again. If you still have issues, wiping and restoring your phone is an option. However, if in doubt, please get in touch with Valkyrie.