Why Are Hackers Interested in Me?
I know. Being on the writing side again after a long break feels strange for the reader as well. A few people I don’t know via Twitter and email asked me where I was and why the blog posts didn’t continue. I only told them this: “I’m going through a tough time and I don’t think the articles I’ll write will be productive enough.” It was true.
Luckily, those times are behind me, and with the arrival of autumn, I regained my motivation. Now I’m here!
A few days ago, a friend of mine, let’s call him “M”, wrote to me. He asked questions about what to do as his sister’s account had been hacked. I guided them. But I noticed something in M: Why had they taken over his sister’s account? He was curious about this question. I decided to gather the answer to this question, what to do in such situations, and many other topics in this article.
The Incident
On July 17, 2024, at around 8:16 PM, M reached out to me via a social media channel. He stated that attackers had taken over his sister’s account and closed the email channels as well. Thus, they were unable to access it in any way.
I decided to inform him not about how this situation happened, but about how to proceed. Because it was evident that she had likely fallen victim to a phishing attack. The fact that they had taken over the email address supported this. The paths followed by the attacker, as he described, were clearly simple intimidation and directing the victim by taking control. The attackers aimed to take over more accounts by phishing people from M’s sister’s account as follows:
This type of attack method is like shooting randomly, hoping the bullet will hit someone. It is done to access more accounts. But why are they doing this? What are their aims?
What Do They Want from You?
I know none of us are famous. You, the reader, are not Leo Messi. I am not a pop star. But we all have one thing in common: our friends, family, and environment. Maybe we are not as famous as Messi, and our account may not reach a wide audience, but an average social media account can be connected to 100 people. So let’s do a simple calculation. If one person can reach 100 people, and each of those 100 people can potentially reach 100 more people, it is not hard to see how quickly our audience can grow, even if it is small.
What Do They Want from These Audiences?
Reaching out to audiences aims to achieve something very simple: Information and money. Your data is sold on several forums for only 1-2 dollars with the following information:
- Name and Surname
- Home Address
- Phone Number
- Email Address
- Citizenship Number
- Active social media address you use.
Collecting this information and creating an Excel sheet to earn 2 dollars without doing anything is quite satisfying, isn’t it? If it’s 2 dollars for just one person, it becomes more money as you reach 100 people, and then another 100 people from those 100 people.
These are the paths typically followed by professional hackers. And these hackers attack other channels instead of taking over your accounts. For example, they look at main data sources like e-Government systems, Yemeksepeti, and Facebook. However, medium or beginner hacker groups do not follow this path; instead, they interact directly with their targets.
These types of hackers, unlike the professionals I mentioned above, operate with a simpler method of fraud. The motivation is clear, and the paths to follow are simple:
- Take over an account.
- Examine and imitate the account holder’s conversations.
- Send the phishing address to the closest people and steal their accounts.
- And share posts about how easily they made money from the stolen accounts.
What Should You Do If This Happens to You?
First, stay calm. I have had many accounts stolen, and I have even locked my own account by applying too many restrictions. Your priority is to stay calm.
If you communicate your victimhood to the hacker with the stolen account, the hacker will apply blackmail and understand that they have not only taken over a social media account but also taken you psychologically… This creates a serious problem.
Inform Your Circle
Of course, inform your circle about the relevant account without wasting time by using other channels to share that your account has been stolen. This way, you will ensure that your audience is aware and prevent the hacker/fraudster from spreading further.
Now you have two basic options for the next step. Either close the account or contact the relevant units and spread the process over a long period. Even if you do not regain your account, you can keep the hacker away from these activities for a while.
The two paths I mentioned are:
- Contacting Cyber Crime Units As you know, like many states, our country has taken action for cyber crimes since 2013, and there are various units actively working in this area. Cyber Police, Cyber Moon, and many other security branches show different distributions. It will be enough for you to go to a police station and state that you want to file a complaint. The relevant commanders will carry out the necessary procedures.Remember: According to Article 243 of the Turkish Penal Code, unauthorized access to a system is punishable by imprisonment from 6 months to 15 years and a fine of 10,000₺.
- Closing Your Account by Reporting It You can close your account by reporting it. Many social media accounts act sensitively in such cases. Especially for products under Meta Holding, like Facebook, Instagram, WhatsApp, they act very sensitively in this area.If you notify that your account has been stolen, your account will be reviewed. Additionally, it will be sufficient for 5-10 people from your audience to report the stolen account.
Remember, equations in the digital world are not fixed. The paths attackers will follow can vary greatly from the smallest account to the largest. However, the common motivation is clear: Money or revenge, etc. But for the most part, it’s money.
What Should I Do to Stay Safe?
Be cautious; do not click on or pay attention to links sent from any unfamiliar accounts. Keep two-factor authentication methods enabled. Do not accept friend requests from accounts you do not know. Do not allow information to be gathered about you. And of course, keep following this blog. ☺ Have a tech-filled day. ☺