Social network and entertainment accounts are increasingly finding a home in dark web marketplaces. Currently, the majority of darknet markets sell stolen identities.
Social media profiles are by far the most abundantly available, and prices for hijacked accounts can start as low as $6.
Of course, you’ll have to enter the dark web to purchase these illicit things. The dark web is a network-encrypted environment that requires special software to access – and most marketplaces require an invitation to enter. Cybercriminals use this method to shield themselves from unwanted attention.
Data presented by Atlas VPN was extracted from the dark web by Whizcase, between January 2022 and September 2022.
The cheapest hacked accounts were from Reddit, TikTok, and Pinterest, which cost $6, $8, and $9, respectively.
LinkedIn was found to be the most costly hijacked social profile, selling for roughly $45 per account. This is hardly unexpected, given that the website caters to a professional clientele.
Purchasing hacked accounts for all the most popular social media platforms would cost around $127. Costs vary slightly depending on the marketplace.
Most “vendors” sell credentials in bulk, and it’s not uncommon to see an offer to purchase hundreds of thousands of accounts for a relatively small price.
Many hackers utilise hacked accounts to create “advanced bot farms” for social media engagement manipulation rather than selling their “treasure.”
The advantage of this method over putting up direct bot accounts is that the stolen accounts previously belonged to genuine individuals, making the manipulation operations considerably more difficult for social networks to identify.
According to analysis, purchasing social media engagement is relatively inexpensive. For about $25, one could purchase 1,000 Twitter retweets from what appear to be authentic accounts.
For about $8, one could purchase 1,000 Facebook Likes for a page or post.
For a few more dollars, it is frequently feasible to select the nation of origin for Likes or retweets.
Also, we could speculate that the majority of services on Google that offer social media engagement for payment originate from the same source—the dark net.
This demonstrates the importance of exercising caution while viewing popular or highly engaging content on social media. Someone might make a profile or a post appear extremely popular by spending less than a hundred dollars.
Consequences of social media account takeovers
Criminals can employ cybercrime exploits or social media campaigns to carry out a variety of damaging activities.
Some of the most significant damages occur when threat actors find an account that is attached to a payment method. Also, certain profiles moderate a business page that spends money on ads. Naturally, damages from such break-ins could be sky-high.
Criminals also use stolen accounts to infiltrate sensitive circles further, like company management, etc.
There is also a risk of the hacker using your profile to ask for money from your friends and relatives.
The red flag to watch out for is asking for money via a gift card, a foreign bank account, or a blockchain address. All of these are favored by fraudsters as they are difficult to track down.
In short, becoming a victim of social media account takeover can cause significant damage to the victim and other parties involved.