CloudSEK Identifies 40,000+ Exposed US Industrial Systems Vulnerable to AI-Assisted Recon as Iranian-Aligned Groups Mobilise

Posted in Commentary with tags on March 6, 2026 by itnerd

CloudSEK researchers have documented how artificial intelligence has fundamentally collapsed the barrier to targeting industrial control systems, compressing what once required weeks of specialist knowledge into a five-minute reconnaissance workflow. 

The findings come as the 28 February 2026 US-Israel strikes against Iran triggered the largest single-event activation of Iranian-aligned cyber actors ever documented, with over 60 hacktivist groups mobilising within hours – many without deep ICS expertise, but now equipped with AI tools that make that expertise unnecessary.

Key Findings

  • CloudSEK identified 40,000+ internet-exposed US industrial control systems immediately discoverable using AI-assisted reconnaissance – and confirmed that a passive five-minute workflow using free tools can identify live devices, retrieve default credentials, map accessible interfaces, and enumerate CVEs without authenticating to or probing a single system.
  • OpenAI confirmed in October 2024 that Iranian-affiliated actors (CyberAv3ngers) used ChatGPT to conduct ICS reconnaissance, querying default credentials for industrial devices, generating Shodan search strings, and requesting automation scripts – one of the first documented use of a commercial LLM by a state-affiliated actor against critical infrastructure.
  • More than 60 Iranian-aligned hacktivist groups mobilised within hours of the 28 February 2026 strikes. The death of Supreme Leader Khamenei disrupted IRGC command structures, removing the political constraints that historically governed Iranian cyber targeting. Proxy and hacktivist groups now operate without accountability for civilian harm.
  • US government reporting confirms 75+ US ICS devices were compromised in campaigns linked to the same threat ecosystem, including 34+ in the Water and Wastewater sector. The 2023 Aliquippa water plant compromise – forced onto manual operations by a default password – is the documented template these groups are replicating.
  • Internet exposure across OT and ICS environments is worsening: 35% year-on-year growth in exposed systems and a 160% surge in Unitronics port 20256 exposure, despite two years of CISA advisories following the Aliquippa attack (ReliaQuest, H1 2025).

Why This Matters

The real shift is not in malware sophistication. It is in speed, scale, and accessibility. AI is enabling less technically mature actors to perform ICS reconnaissance that once required years of specialist knowledge.

 In a conflict environment where over 60 groups are simultaneously activated and seeking accessible targets, AI compresses the cycle from intent to impact.

CloudSEK researchers reproduced the AI-assisted reconnaissance chain as a passive research exercise, mirroring the confirmed methodology. Following the same process, researchers identified multiple live instances of unauthenticated, internet-exposed ICS systems with direct operational impact potential. 

CloudSEK notes that the passive nature of this research, standard HTTP requests against publicly indexed systems, is indistinguishable from what a threat actor would perform.

The cyber fallout from the Iran-US conflict is not limited to advanced state-linked operators. Loosely aligned hacktivists and proxy actors can now use AI-assisted workflows to identify and prioritise exposed industrial assets in real time, increasing the risk of opportunistic disruption to water treatment, energy distribution, fuel management, and manufacturing operations.

The same 28 February window also saw OpenAI confirm a partnership with the US Department of Defense, triggering a 295% spike in ChatGPT app uninstalls (Sensor Tower via TechCrunch). As commercial AI platforms face governance pressure around military use, threat actors migrate to unconstrained alternatives. The safety guardrails that limited CyberAv3ngers on ChatGPT in 2024 are a floor, not a ceiling.

Immediate Defensive Priorities

CloudSEK recommends that organisations urgently:

  • Remove ICS management interfaces from the public internet immediately and place them behind VPN. This single action eliminates the AI-assisted passive reconnaissance attack path entirely.
  • Change default credentials on all deployed ICS devices. The Unitronics default password 1111 is in a vendor manual, in CISA Advisory AA23-335A, and in active use on internet-exposed devices today.
  • Block industrial protocol ports at the perimeter: TCP 20256, 102, 502, 44818, 1911 and UDP 47808 have no legitimate reason to be directly internet-accessible.
  • Audit all third-party remote access to OT environments. IT managed service providers with tools on OT networks are confirmed entry points for supply chain attacks.
     

CloudSEK’s findings are based on passive reconnaissance of publicly indexed information and exposed web interfaces, without logging into or actively probing any system.

You can read the research here: AI, the Iran-US Conflict, and the Threat to US Critical Infrastructure | CloudSEK

Leave a comment »

The Company Reviewing Meta Glasses Footage Has a Security Problem

Posted in Commentary with tags on March 6, 2026 by itnerd

Mike Bell, Founder and CEO of Suzu Labs, has just published the research blog “The Company Reviewing Your Meta Glasses Footage Has a Security Problem.” 

“Last week, Swedish journalists revealed that Meta sends video footage from Meta Ray-Ban smart glasses to human data annotators at Sama, a San Francisco-based outsourcing company that runs its annotation workforce out of Nairobi, Kenya. Workers described seeing footage of people in bathrooms, bedrooms, and intimate situations. The UK’s Information Commissioner opened a probe. The story dominated privacy news for days,” Bell said.

“Nobody asked the obvious follow-up question. How secure is Sama? We did. And the answer isn’t reassuring.”

Sama Credential Exposure on the Dark Web: Suzu Labs ran dark web intelligence against Sama’s corporate domain (sama.com) using its threat intelligence platform. Within the last 90 days alone, Suzu Labs identified 118 credential entries tied to sama.com circulating across Telegram channels, underground forums, and breach databases. The results were alarming, including the fact that eighty-three of the entries included plaintext passwords.

Suzu Labs research reveals just how shaky Sama’s current (December 2025-Feb. 2026) security posture is. “Most of these credentials didn’t come from some third-party breach where Sama employees happened to have accounts. Roughly 87% came from info-stealer malware logs. That means malware was running on machines used by people with sama.com email addresses, pulling credentials and session tokens directly off the endpoint. The stealer takes everything on the machine. It doesn’t filter by importance.”

The research also evaluates risks to AI training data and other Sama clients, and offers recommendations – for Meta, for Sama, and for every organization.

The Company Reviewing Your Meta Glasses Footage Has a Security Problem: https://suzulabs.com/suzu-labs-blog/the-company-reviewing-your-meta-glasses-footage-has-a-security-problem

Leave a comment »

2015 vs. 2025: How password habits have evolved over the past 10 years

Posted in Commentary with tags on March 6, 2026 by itnerd

ExpressVPN has published an article on the evolution of password security over the past 10 years. Cybersecurity researcher Jeremiah Fowler has published an analysis of part of the data from the recent 149 million credentials leak on the ExpressVPN blog, comparing current password habits with those from a decade ago.

During this research, Jeremiah noted some interesting and concerning findings:

  • Only 15% of the passwords from 2025 could be classified as complex.
  • 85% of current passwords typically contain known patterns from prior breaches or password-guessing models.
  • It’s still common for people to reuse passwords across multiple accounts.

Jeremiah published his detailed report on the ExpressVPN blog here: https://www.expressvpn.com/blog/password-security-2015-vs-2025/

Leave a comment »

Cloud Misconfigurations vs Vulnerabilities: What’s the Difference?

Posted in Commentary with tags on March 6, 2026 by itnerd

Uzair Gadit, Founder & CEO of Dubai-based Secure.com, has just published “Cloud Misconfiguration vs Vulnerability: What’s the Difference? Most cloud breaches aren’t hacks — they’re open doors you forgot to close.“.

The brief post equates mis-configurations. versus vulnerabilities as analogous to open doors versus broken locks.

 “Most IT teams treat every cloud security issue the same way. A new CVE drops? Patch it. But what about the S3 bucket someone left public last Tuesday? That doesn’t show up in a CVE database. It shows up in a breach report.

“Cloud environments are not static. Every new service spun up, every new developer onboarded, every shortcut taken under deadline pressure is a chance for a setting to go wrong. The confusion between misconfigurations and vulnerabilities is costing companies millions — not because they don’t care, but because they’re solving the wrong problem,” Uzair said.

He notes that most security budgets are built around patch management which makes sense on prem, but in the cloud is the wrong playbook.

Uzair offers specific vendor neutral recommendations and key takeaways:

  • A leading analyst organization estimates 99% of cloud security failures come from misconfigurations — not software bugs.
  • Misconfigurations are easier to exploit. No hacking skills required. A Google search can find an exposed S3 bucket.
  • Shadow IT and cloud sprawl cause “configuration drift”, i.e. settings that slowly become unsafe as environments grow.
  • The fix is a mix of automated audits (CSPM tools), least-privilege access, and shift-left security in your CI/CD pipeline.

Cloud Misconfiguration vs Vulnerability: What’s the Difference? Most cloud breaches aren’t hacks — they’re open doors you forgot to close: https://www.secure.com/blog/cloud-misconfiguration-vs-vulnerability

Leave a comment »

Women Funding Women Launches the Be Bold Challenge to Turn The Wealth Transfer into Economic Power

Posted in Commentary with tags on March 6, 2026 by itnerd

On International Women’s Day 2026, under the global theme Give to Gain, Women Funding Women Inc. (WFW) is pleased to announce the launch of The Be Bold Challenge, anchored by a strategic framework known as the Three Cs, designed to move Canadian women from wealth ownership to economic power.

Over the next decade, women in Canada will control close to $4 trillion in financial assets, nearly half the nation’s wealth. This is part of an estimated $124 trillion global wealth transfer underway. This historic shift presents a rare opportunity to reshape who builds, leads, and scales Canada’s innovation economy.

Yet a stark contradiction remains.

Despite women founding roughly one in five new businesses, women-led ventures continue to receive less than 4%, and often closer to 2%, of venture capital funding.

The Be Bold Challenge: Introducing the Three Cs

As part of International Women’s Day 2026, WFW is formally introducing the Three Cs as the strategic foundation of The Be Bold Challenge:

Changing the Paradigm
When women back women, we don’t just close the funding gap, we redefine who gets to build, lead, and scale the next generation of companies. This is a call for women to step forward as capital decision-makers and lead boldly at a moment when leadership matters.

Creation of Wealth
Women must move away from fear of risk and toward calculated risk-taking. Women may take more time to make investment decisions, but once committed, they are persistent and thoughtful, qualities that are financial strengths. Venture investing is a legitimate path to prosperity, and women must fully participate in the wealth creation men have benefited from for generations.

Collective Collaboration
Systemic change does not occur in isolation, it is built through deliberate, collective action. When we widen our networks, normalize women as both founders and funders, and create trusted spaces where women can pitch, invest, mentor, and champion one another, collaboration moves from conversation to capital deployment. In that environment, collective collaboration becomes not just supportive – but catalytic – driving change in the economy.

At the same time, durable transformation requires inclusive partnership. Engaging male allies and champions strengthens the ecosystem, expands access to capital and influence, and reinforces that closing the funding gap is not a women’s issue, it is an economic imperative.

Founder Capital in Action

In keeping with the principles of the Three Cs, the three co-founders of WFW and their Advisory Council are publicly disclosing a selection of women-led Canadian ventures in which they are personally invested, demonstrating leadership by example and reinforcing that angel investing is a disciplined asset class, not a symbolic gesture.

To learn more about the Be Bold Challenge and see a list of companies members of Women Funding Women are invested in visit https://womenfundingwomen.ca.

Leave a comment »

Iran–US Escalation Heightens Risk to Industrial Systems: CloudSEK

Posted in Commentary with tags on March 5, 2026 by itnerd

CloudSEK today released a threat landscape assessment warning that more than 60 hacker groups mobilised within hours of the February 28, 2026 Iran–US military escalation — and that tens of thousands of US industrial control systems remain directly reachable from the internet, many with no authentication beyond a factory-default password.

The report, “A Threat Actor Landscape Assessment of ICS/OT Targeting in the 2026 Iran–US Conflict,” identifies a two-tier threat ecosystem: nation-state APTs pre-positioned inside US networks for years, and a fast-expanding pool of state-backed hacktivist proxies that need nothing more than an exposed device and a motivation to cause national-headline disruption. 

CloudSEK’s report finds that the industrial attack surface remains exposed at scale. In the United States alone, researchers identified approximately 182.2K internet-exposed industrial and automation-related assets (including both live and historically observed systems). Many of these were found to be actively reachable and exposed without authentication.

The exposure is not limited to the U.S.: Israel recorded around 104.9K such assets, while the United Kingdom showed roughly 88.8K exposed assets. CloudSEK notes that these listings represent industrial or automation-related devices observed on the public internet, underscoring the scale of potential targeting during periods of geopolitical escalation. 

Key highlights from the report

  • Rapid mobilization after escalation: CloudSEK observed a sharp rise in hacktivist and proxy activation following February 28, increasing the volume of actors scanning for high-visibility infrastructure targets.
  • Exposure at scale across industrial protocols: The report identifies large volumes of internet-reachable industrial services in the US, across widely used ICS/OT and automation protocols and platforms — indicating that many operational environments remain discoverable from the public internet.
  • Three primary routes from discovery to impact:
    1. Direct access to exposed industrial interfaces (often enabled by weak/default credentials)
    2. Phishing and compromise of OT-adjacent users and vendors (engineering workstations, operators, third-party access)
    3. Enterprise IT compromise followed by lateral movement into OT, allowing adversaries to pre-position access and activate during crisis windows
  • Basic weaknesses continue to enable real-world compromise: The report underscores that industrial incidents often stem from long-standing issues — internet exposure, unsecured remote access, and default credentials — rather than rare, highly advanced exploits.
  • Operational risk is physical by design: Unlike purely digital attacks, ICS/OT compromise can affect physical processes, making disruption potentially immediate and safety-relevant.

Why default access and exposed interfaces remain a critical risk

CloudSEK’s assessment notes that many industrial environments remain vulnerable because exposed devices and interfaces can be identified quickly through standard internet scanning. In such cases, attackers may not need to exploit software vulnerabilities — they only need to find an exposed system and gain access using weak or default authentication.

This dynamic becomes more dangerous during periods of escalation, when some actors prioritise visibility and disruption over stealth.

Recommended actions for operators and defenders

CloudSEK urges critical infrastructure owners and operators to prioritise immediate, practical defensive measures:

  • Remove ICS/OT management interfaces from the public internet wherever possible; enforce VPN-only access for remote operations
  • Eliminate default credentials and strengthen authentication on industrial devices and management consoles
  • Restrict industrial protocol exposure at the perimeter and shut down unnecessary remote-access services
  • Audit and limit third-party remote access into OT environments (MSPs/RMM tools, vendor pathways)
  • Improve monitoring and logging in OT-adjacent environments to detect unauthorised access and lateral movement early

Leave a comment »

Check Point Launches a Secure AI Advisory Service to Help Enterprises Govern and Scale AI Transformation

Posted in Commentary with tags on March 5, 2026 by itnerd

Check Point Software today announced a Secure AI Advisory Service, a new service designed to help enterprises accelerate AI adoption with governance, risk management and regulatory compliance embedded from the start.

AI is moving from experimentation to core business infrastructure. Yet in many organizations, deployment is outpacing oversight. Boards and executive teams are facing increased regulatory scrutiny, operational risk and accountability gaps as AI systems expand across hybrid networks, cloud environments and digital workspaces. Secure AI Advisory provides a structured, intelligence-driven framework to bring clarity and control to AI transformation. The service embeds governance, risk assessment and regulatory alignment across the full AI lifecycle, enabling measurable risk reduction and responsible scaling from day one.

This new service is part of the CPR Act, Check Point’s Cyber Resilience and Response unit, which delivers AI governance with global threat intelligence to provide actionable guidance. Unlike one-off assessments or standalone consulting, CPR Act integrates AI governance into the security lifecycle, connecting intelligence, readiness, detection, and response. This ensures controls and monitoring to adapt to new AI risks, regulations, and threats, offering organizations a single accountable partner from strategy through execution.

Enterprises require more than policy guidance. They need operational frameworks that align innovation with accountability and risk transparency. Secure AI Advisory delivers:

  • AI governance frameworks aligned to business strategy
  • AI risk and impact assessments with prioritized mitigation roadmaps
  • Regulatory readiness aligned to EU AI Act, GDPR, ISO 42001 and NIST AI RMF
  • Executive and practitioner enablement to operationalize controls

The service is available in three tiers, Essential, Enhanced and Total, supporting organizations at every stage of AI maturity. All tiers include access to Check Point’s interactive AI Risk and Compliance Dashboard for continuous visibility and structured oversight.

Secure AI Advisory complements Check Point’s prevention-first security architecture, supporting secure AI adoption across Hybrid Mesh Network Security, Workspace Security, Exposure Management and AI Security. This integrated approach enables organizations to govern AI consistently across multivendor and hybrid environments without adding operational complexity.

By combining vendor agnostic advisory with intelligence-led insight, Check Point helps enterprises transform AI from a source of uncertainty into a controlled driver of growth. Secure AI Advisory reinforces Check Point’s commitment to securing the AI transformation. By embedding governance, risk management and compliance into AI strategy at the outset, organizations can accelerate innovation while protecting resilience, reputation and shareholder value.

Leave a comment »

Commvault and CloudSEK Join Forces

Posted in Commentary with tags , on March 5, 2026 by itnerd

Commvault today announced an integration with CloudSEK, a global leader in Predictive Threat Intelligence and AI-driven external risk monitoring, to help enterprises proactively defend against identity-based cyberattacks fueled by stolen and exposed credentials.

As identity becomes the new attack surface, 80% of breaches involve compromised credentials. Today, more than 24 billion stolen credentials are across dark web marketplaces, stealer logs, and underground forums. With the rise of AI-driven attack automation and agentic adversaries, the time between credential exposure and exploitation has collapsed from months to hours. 

This integration brings CloudSEK’s real-time Dark Web Credential Intelligence directly into Commvault’s Active Directory Vulnerability Assessments and Active Directory Advanced Audit and Anomaly Detection solutions. By correlating external credential exposure signals with internal identity telemetry, customers can identify exposed accounts early and take decisive action, including: disabling, locking, or resetting compromised credentials and rolling back malicious changes to Active Directory before attackers can escalate privileges, deploy ransomware, or exfiltrate sensitive data. 

Additionally, via this integration, vulnerabilities and risks across internal, public, and dark web sources are automatically scored, prioritized, and delivered with clear remediation guidance, eliminating guesswork and enabling security teams to focus on the most critical issues first.

Availability

The CloudSEK integration will be available this summer at no charge for customers using Commvault Active Directory Vulnerability Assessments and Active Directory Advanced Audit and Anomaly Detection solutions. Customers will also have the opportunity to upgrade to the full suite of CloudSEK solutions.

Join Commvault at RSAC 2026

Commvault’s latest identity resilience offerings take center stage at this year’s RSAC Conference (Booth #S-0634) from March 23-26 in San Francisco. Show attendees can grab a ringside seat for the ResOps Rumble where resilience and operations join forces to deliver unified cyber recovery, identity resilience, and data security. Register today for ransomware recovery demos and sessions, expert insights on identity resilience and clean recovery, and the ultimate prize – unified resilience for your organization.

Leave a comment »

ConnectWise 2026 MSP Threat Report Spotlights How Identity Abuse is Redefining MSP Risk

Posted in Commentary with tags on March 5, 2026 by itnerd

ConnectWise today announced the release of its 2026 MSP Threat Report, delivering global threat intelligence and actionable guidance for Managed Service Providers (MSPs) navigating one of the most complex cybersecurity landscapes to date. The report details the most significant threats observed throughout 2025 and reflects ConnectWise’s continued evolution in helping customers secure and strengthen their businesses as identity, access and trust relationships become the primary battleground in modern cyberattacks.

Drawing from real-world incident response investigations, ConnectWise customer telemetry, ransomware leak site monitoring and malicious infrastructure tracking, the 2026 report reveals a decisive shift in attacker strategy: adversaries are no longer relying primarily on novel exploits. Instead, they are exploiting trusted identities, legitimate system tools, remote access infrastructure, and software supply chains to gain faster, more scalable access to MSP-managed environments worldwide.

Global threat landscape demands platform-level defense
The 2026 MSP Threat Report highlights trends observed across North America, Europe, and Asia-Pacific (APAC), reinforcing that while regional nuances exist, the underlying risks are consistent worldwide.

  • Ransomware prioritized speed and access reliability Rather than innovating encryption techniques, ransomware operators refined how they gained access. Groups such as Akira demonstrated rapid “scan, steal, encrypt” lifecycles, often targeting backup infrastructure early to prevent recovery. Attackers also bypassed OTP-based multi-factor authentication (MFA) by exploiting inherited VPN configuration artifacts or retained appliance secrets.

Key regional ransomware trends include:

  • In North America, ransomware operators prioritized speed and early backup disruption in midsized business environments.
  • European manufacturing and supply chain ecosystems saw increased targeting through credential and remote access abuse.
  • Growing SMB markets in APAC experienced expanding exposure of perimeter infrastructure and credential-stuffing campaigns.
  • VPN infrastructure became a consistent entry point Publicly exposed SSL VPN interfaces were repeatedly targeted through credential stuffing, inherited secrets and critical vulnerabilities affecting major vendors. In multiple cases, organizations experienced full domain compromise within hours of successful VPN authentication.
  • Software supply chain compromise expanded downstream risk – Supply chain attacks intensified in both scale and automation. Campaigns such as “Shai-Hulud” compromised npm maintainer accounts and propagated trojanized updates across thousands of downstream environments. Other ecosystems, such as PyPI, NuGet, RubyGems, and Rust, faced phishing and malicious package injection campaigns that turned routine dependency updates into execution paths.
  • ClickFix and user-mediated execution matured – ClickFix-style social engineering attacks, in which users are manipulated into copying and pasting malicious commands into legitimate utilities, emerged as a repeatable and adaptable intrusion method. The tactic bypasses traditional defenses by shifting execution responsibility to the user.
  • AI increased attacker scale and realism – Although AI’s direct artifacts are often invisible in forensic telemetry, its impact was evident through increases in deepfake-enabled fraud, LLM-generated phishing campaigns, AI-assisted malware development, and automation that lowered barriers to entry for threat actors globally. Rather than creating new attack categories, AI made established tactics faster, more scalable and more convincing.

ConnectWise: Evolving with the threat landscape

The 2026 MSP Threat Report underscores a critical reality: reactive security models are no longer sufficient. Defenders must move earlier in the attack lifecycle, focusing on identity, privilege, execution context, and resilience.

ConnectWise is addressing this shift by continuing to strengthen and integrate cybersecurity and data protection capabilities across the ConnectWise Platform, including:

  • Privileged Access Management (PAM) to enforce least-privilege and reduce blast radius from credential compromise.
  • Managed Endpoint Detection and Response (Managed EDR) to provide continuous, behavior-based monitoring and rapid containment.     
  • Security Information and Event Management (SIEM) to correlate identity, endpoint and network telemetry across multi-tenant environments.
  • Business Continuity and Disaster Recovery (BCDR) with immutable backup capabilities designed to resist tampering—even in ransomware scenarios.

The 2026 MSP Threat report is made possible by the ConnectWise Cyber Research Unit™ (CRU), an elite team of threat hunters and cybersecurity professionals who gather intelligence 24/7 from real-world incidents, customer environments, ransomware leak sites and malicious infrastructure monitoring. The full report is available for download at this link.

Leave a comment »

Guest Post – Surrounded by bots: Social media platforms delete 6.3B fake accounts, with Facebook and X at the top of the list

Posted in Commentary with tags on March 5, 2026 by itnerd

Popular social media platforms are constantly removing massive amounts of fake accounts and spam content. Surfshark’s analysis of annual public transparency reports reveals the staggering scale of this cleanup: Facebook, TikTok, X, and LinkedIn collectively remove 6.3B fake accounts. These platforms, along with YouTube and Instagram, also remove 11.1B pieces of spam content. On the dark market, fake account prices start at $0.08.

While AI agents are learning to interact with each other on their designated social media, bots pretending to be humans continue to sink popular platforms.

“I am convinced that the majority of fake accounts on social media are bots. Especially with the evolution of AI, producing and managing bots becomes easier. On some platforms, AI can fully cover the needs of “faking”. In contrast, on others it’s not that simple — for example, on Facebook, where interaction with real people and response to context are required,” says Justas Pukys, Senior Product Manager at Surfshark.

He explains that bots are programs designed to impersonate humans. They are centrally controlled, like marionettes, and trained to deceive both systems and humans. In addition, bots can also be real people who manage several accounts with a common goal, for example, to influence social media users’ attitudes, push an agenda on a certain issue, provoke society, or show exaggerated support for certain institutions or figures.

Comparing fake account removal volumes to active users reveals the enormous scale of the monitoring and removal that social media must perform.

On some platforms, the number of annual removals rivals or even exceeds the entire active user base. For example, Facebook, with 3B active users, removes 4.5B fake accounts annually — a volume 1.5 times its user count. Similarly, X reports removing 671M accounts each year for platform manipulation and spam, a figure that surpasses its 570M active users. TikTok deletes 1B fake accounts, equivalent to over half its active user base — 1.9B.

“Considering those platforms’ size, global reach, and impact on human opinion and behavior, I wouldn’t be surprised if the number of fake accounts and content were even higher than presented in the official transparency reports. Also, I believe these numbers will continue to grow drastically in the future, unless social media finds effective ways to combat the threat,” says cybersecurity expert at Surfshark.

Real users face increasing scam risks

Given that social media is flooded with fake accounts and content, a really worrying issue is that real users can easily be scammed and harmed, both morally and financially. Consider these recommendations from Surfshark’s experts on how to avoid getting scammed:

Pay attention to suspicious account profile details: fake accounts usually have very few photos or only associative images. Usually, the account is created recently and has a vague or overly promotional bio.

Be aware of unnatural behavior: fake accounts often send friend requests to many people in a short period of time. They may immediately send you links or other suspicious offers, usually encouraging you to move the conversation to WhatsApp or Telegram quickly.

Fake accounts send repetitive or copy-paste comments: they tend to post the same message under many posts. They typically offer “too good to be true” benefits, such as crypto, giveaways, and miracle cures.

What should you do to avoid harm?

  • Don’t engage with suspicious accounts and content: don’t reply, argue, or click links;
  • Always check: look at important details such as the account’s age, bio, and number of friends;
  • Report the account and content: use the social media platform’s report feature;
  • Protect yourself: enable two-factor authentication (2FA) on your account, make your social media profile private, and avoid sharing personal details publicly.

Leave a comment »

« Older Entries