Belarusian cybercrime investigators have issued a warning about a rising wave of attacks on social media and messaging accounts. Roman Romanenko, head of the department for combating cybercrime in the Mogilev regional police, said that even ordinary user profiles in VK and Telegram are in high demand on the shadow market. Criminals prize accounts with a history of activity and contacts because they appear legitimate to both people and automated systems and can be used for large‑scale fraud.
How criminals exploit accounts
Stolen account credentials give attackers multiple avenues to profit. Fraudsters can extract personal information from conversations and profiles, then sell copies of documents or bank details. They impersonate victims to request loans from friends, using voice and video falsified with neural networks to build trust. In many cases criminals splice fragments of existing voice messages to create convincing audio.
Compromised logins also allow attackers to access services that share passwords or use social sign‑in, such as email, online shopping and mobile banking. Other schemes include blackmailing victims with private photos and videos found in chats, or converting the account into a platform for further scams.
Common attack methods
Investigators describe several recurring techniques. Phishing sites mimic legitimate e‑commerce, giveaways or bank pages and lure users via online ads or fake promotions that request social login. Password stuffing tools rapidly try common combinations and can crack many local passwords in under a minute. Free public Wi‑Fi set up by criminals in busy places allows them to monitor traffic and harvest credentials or payment details.
social media account security: practical steps
Authorities recommend straightforward measures to reduce risk. Do not click links from unknown senders and verify links even when they come from friends, as those accounts may be compromised. Prefer sites that use HTTPS and check the web address carefully before entering credentials. Avoid linking social logins to new services to limit exposure.
Create long, unique passwords combining upper and lower case letters, numbers and symbols. Security experts suggest aiming for at least 14 characters to make brute force attacks impractical. Activate two‑factor authentication so that a code from a text message or an authenticator app is required in addition to your password.
Only download apps from official stores and check ratings and reviews. Be cautious when connecting to public Wi‑Fi, and consider using a trusted virtual private network.
Steps to take if an account is stolen
If an account is compromised act quickly. Reset the password if the original email or phone number is still linked. From another logged‑in device terminate other sessions in Telegram or revoke linked devices in VK. Change the account password and unlink third‑party services that used the social sign‑in. Contact the platform’s support team for account recovery if needed.
Run antivirus checks on computers and phones to remove malware. Review other services where the social login was used and update credentials there. Prompt action reduces the chance that attackers will harvest more data or defraud your contacts.
Romanenko urged users to treat every account as valuable and to adopt basic cyber hygiene to prevent becoming a target. The guidance reflects a practical approach by Belarusian law enforcement to curb an increasingly sophisticated wave of social media fraud.
Key Takeaways:
- Belarus law enforcement warns that ordinary VK and Telegram accounts are valuable to criminals for fraud and identity theft.
- Common tactics include fake websites, password stuffing, malicious Wi‑Fi and deepfake audio or video to extort money.
- Key protections: strong unique passwords, two‑factor authentication and avoiding authorisation via social logins.
- If hacked, immediately end other sessions, reset passwords, contact support and scan devices for malware.
