Cybercrime: How Influencers Can Protect Themselves
It is nothing new for social media accounts to be hacked and misused by cybercriminals for phishing or other scams. But what happens when the accounts belong to content creators or influencers? How does such a hack affect my accounts, how can I reaccess them, and how can I protect myself from cyber-attacks? These are the questions we want to answer in the following article.
Social Media Cybercrime
Social networking sites have been a popular target for cyber attacks for years. Once cybercriminals get access to an account, they usually send messages with dubious links to all contacts and share posts with fraudulent content. However, not only are existing accounts targeted, but new accounts are also being created for fraudulent purposes. For example, in June 2023, a Facebook page called "Meta Business Support" wrote to users offering a "page verification tool for businesses". In reality, it was the work of cybercriminals who directed users to a website full of malware.
For content creators and influencers, a cyberattack on their social media accounts poses a particular risk, as the consequences can be more far-reaching than 'just' losing temporary access to the account.
When Influencers Get Hacked
A successful cyber attack on your IT systems or applications is always bad. But what makes the situation even more precarious for content creators is that it is not their own systems that are affected but external platforms. In the event of a cyber-attack, they also have to deal with the companies behind the platforms, such as Google (YouTube), Meta (Instagram, Facebook), ByteDance (TikTok) or Amazon (Twitch). The hacking of Julien Zheng Kho Budorovits, better known as Julien Bam, one of the biggest YouTubers in the German-speaking world, shows how complicated this can be.
Cyber Attack on Julien Bam
Julien Bam was the victim of a cyber attack in April 2022. Cybercriminals hacked his YouTube and Instagram accounts, deleted all existing content and used the accounts to distribute a stream with a fraudulent link. When the YouTuber noticed the hack, he immediately tried to contact YouTube support while his team changed all the accounts' passwords. As distributing fraudulent content is against YouTube's policies, two of Julien Bam's channels were removed from the platform.
It took one week for the YouTuber to get his channels back, but many of the deleted videos could not be recovered. The monetisation of the channels was also initially blocked. Julien Bam says he lost tens of thousands of subscribers due to the cyber-attack, and his income plummeted. It was later discovered that the attack originated from Julien Bam's own PC. When his team ran a virus scan, they found 172 Trojans on the computer, which were also used to mine cryptocurrency.
A consulting firm becomes a Bitcoin mine? What may sound far-fetched actually happened in a real exali damage event. Find out how such an attack could affect your business and how the story ended: Cybercriminals turn consultancy into bitcoin mine!
Cyber Attacks on Influencers
Cybercriminals aren't just targeting big fish like Julien Bam. In fact, cyber-attacks on influencers have been on the rise in recent years. The hijacked accounts are either used to distribute fake content or the hackers demand a ransom for releasing the accounts, like German influencer Sheyla Suamy-Kruse or Australian influencer Nick Furphy. The latter even launched a GoFundMe campaign to pay the ransom.
How to Protect Your Business as an Influencer
Cyber-attacks are not the only threat to your business as an influencer. Other risks include written warnings for legal infringements (e.g. false advertising claims, copyright or trademark infringements) or property damage claims (e.g. damage to hired equipment or rented premises).
With Professional Indemnity Insurance through exali, you are comprehensively covered as an influencer - regardless of whether you are a blogger, streamer, podcaster or creator on channels such as YouTube, Instagram, LinkedIn or TikTok. In the event of a written warning, the insurer will always investigate, at its own expense, whether the warning is justified. Unjustified claims will be defended on your behalf and justified claims will be paid.
Consequences of a Cyber Attack for Influencers
These cases illustrate very well the consequences that cyber attacks can have on the social media accounts of content creators or influencers:
Loss of Platform
If your account is hacked, you first lose direct access. Worse still, the accounts may be suspended or even deleted by the network operators. In this case, you need to contact support. This can take several days or weeks, as the case of Austrian influencer Emel Gloss shows. Her Instagram account was deleted after a cyber attack, and it took Meta 45 days to restore her profile.
Those affected generally report that communication with Meta is challenging and lengthy. One US influencer whose Instagram account was hacked and who did not hear back from Meta for weeks even turned to a local TV station for help. Only after a reporter repeatedly asked Meta for a statement did the company respond, and the influencer got her Instagram account back.
Loss of Followers
Influencer accounts thrive on reach - subscribers, views, likes, clicks, and comments. When cybercriminals hack a channel and then post dubious content on it, as in the case of Julien Bam, it can lead to a loss of trust from followers as well as a ban. As a result, the channel loses reach. This may not be as significant for large accounts with millions of subscribers, but for nano to mid-sized influencers (around 1,000 to 500,000 followers), a loss of reach can significantly impact revenue.
Loss of Revenue
YouTube blocks channels that have been banned for fraudulent content (or other content such as hate speech, racism, etc.) from monetising videos for some time. This means a loss of revenue and income, especially for content creators who rely on the platform as their primary source of income. In addition to the lack of income from the channel, it is also possible that advertising partners will cancel or suspend contracts if the channel in question, which should be used to promote the brands or companies, is unavailable due to a block.
Ransom Demands
Time and time again, accounts are hacked by cyber criminals and influencers are asked to pay a ransom for their release. This works particularly well with Instagram accounts because, as mentioned above, Meta is very slow to respond to demands.
Cybersecurity Tips for Influencers
The big problem with cybersecurity - whether on your own systems and programs, or on external platforms - is that there is always no such thing as being 100% protected. But: There are some precautions you can take to at least minimise the risk of a successful cyber attack.
Respect Password Rules!
It sounds trivial, but the most effective way to protect your social media accounts is to use a password that follows the rules for strong passwords, namely
- At least 16 characters long
- Contains numbers, upper and lower case letters and special characters
- Is unique (i.e. you only use it for that platform)
As a general rule, you should use a unique password for each platform - whether it's a social media account, an online shop or an image database. To help keep track of all your passwords, we recommend using a password manager.
Check out the following article to learn more about password management - from creating passwords to managing them securely: 5 tips for good password management in business
Two Factor Authentication
The least you can do to protect your social media accounts is to use two-factor authentication. This is also a legal requirement under the General Data Protection Regulation (GDPR). In addition to your login details, you need a second code to log in. You will receive this code, for example, via an authentication app on your smartphone or via SMS from the platform.
The advantage of this type of login is that cybercriminals not only need your credentials, but also the device, such as your smartphone, on which you receive them. YouTube, as well as LinkedIn, Twitch, Instagram and TikTok all offer two-factor authentication. Meta now even requires this from all ad account holders.
Caution: Public Networks!
As an influencer, you are often on the move and use public networks to upload images or videos or to check your messages on the platforms. In general, you should always be careful when using public networks - because In theory, anyone can open a hotspot with their own laptop or mobile device such as a smartphone or tablet and call it whatever they want, including "Wi-Fi Dublin Airport" or "Wi-Fi Exhibition XY" and so on. Cyber criminals have long recognised this and use this trick especially in airports, train stations, trade fairs or on trains.
So: Always have a quick look at the networks being offered - for example, real public networks usually require you to log in and enter your email address before you can gain access. To prevent your data from being read, always use a VPN when using public networks when you are out and about. If you are going to an event, make sure the VPN has sufficient data volume.
Beware of Direct Messages
A popular phishing method used by cybercriminals is to send direct messages to users on the platforms and include links to scam sites in these messages. On Instagram, for example, the 'your account has qualified for verification with the blue tick' variant is a popular tactic used to trick influencers.
So you should always check the messages on the platforms carefully:
- Is the sender real? If in doubt, always click on the sender's profile and check whether there is any content posted there (scam profiles are usually private and do not follow anyone), whether there is a disclaimer, etc.
- Does the content of the message make sense?
- Did I receive the message from Instagram, TikTok, etc. in the inbox of the email address I used to register with the platform? As a general rule, platforms always send important emails to the email address registered with the platform and not just within the platform.
If in doubt, you should always try to contact the sender by other means. If it is a message from the platform, contact support. If it is a collaborative issue, either look up the brand or company profile and post a message on the platform - or look up the email address or phone number on the website and contact them that way.
Cover your Bases
As already written: There is no such thing as 100% protection against cyber attacks. That's why it's a good idea to take financial precautions just in case. That is why Professional Indemnity through exali offers the affordable First-Party Cyber and Data Risks Insurance (FPC), which covers you in the event of a successful cyber attack. With FPC, the insurer covers the costs or additional costs you incur as a result of a cyber attack, such as
- Hacker damage to your IT systems or programmes - this includes the cost of specialist computer forensic experts.
- Ransomware - if your systems or access points have been encrypted, the insurer will provide professional assistance. If all attempts to decrypt or recover the data fail, the insurer will pay the ransom demanded.
- PR and crisis management: The insurer will also pay for additional PR costs and specialist lawyers.
Online Editor
Daniela has been working in the areas of (online) editing, social media and online marketing since 2008. At exali, she is particularly concerned with the following topics: Risks through digital platforms and social media, cyber dangers for freelancers and IT risk coverage.
In addition to her work as an online editor at exali, she works as a freelance editor and therefore knows the challenges of self-employment from her own experience.