Scott Bennett was watching Instagram stories back on June 3 when he noticed something off about a friend's business page.
While browsing, he saw that the account for Hamilton-based Bar Sazerac posted what looked like a fabricated and off-brand screenshot about 10 minutes earlier. It showed a picture of a digital wallet used for cryptocurrency.
"It appeared to be a cryptocurrency wallet with their bar's name in it, saying how thankful they were to some unknown Instagram account about their record profits," Bennett said.
After working in the information technology (IT) and cybersecurity field for more than a decade, Bennett knew something was fishy.
"This made no sense to me, considering they're a cocktail bar and would have absolutely no reason to be posting about record-breaking cryptocurrency profits," Bennett said.
Crypto crime is on the rise in Canada and the U.S. The Canadian Anti-Fraud Centre says it received reports of cryptocurrency fraud losses in 2021 amounting to $75 million. A recent report released by the U.S. Federal Trade Commission shows that since the beginning of 2021, more than 46,000 people have reported losing over $1 billion in cryptocurrency to scams.
Locally, the Haldimand Crime Unit is currently investigating a case involving a person living in Hagersville, Ont. who was defrauded of $400,000 after investing in an online cryptocurrency scam.
Cryptocurrency is a largely unregulated digital currency market dealing in direct transactions of value and certain features may explain why it is a preferred target for hackers. For one, cryptocurrency transfers cannot be reversed and there is no bank to flag suspicious transactions.
Bennett said he sent Sazerac's owners a text message with a screenshot of the post saying he was pretty sure their Instagram account had been compromised.
Kyle and Jennifer Ferreira, owners of Bar Sazerac, confirmed shortly after that it had been hacked. Messages had started rolling in to them through text messages and Facebook from friends and patrons to let them know something was up.
They were "at a loss as to how this happened," Kyle said, adding that the hack has been an "unnecessary, unfortunate headache."
Like many businesses, especially since the COVID-19 pandemic, the Ferreiras use social media as the primary way to communicate with their customers.
"My wife and I have worked really hard to present ourselves as people who take great care and have great reverence for everyone who comes to our bar," Kyle said.
"And the concept that we hurt anyone or we had inconvenienced anyone really... it's just not nice."
Hackers phishing for cryptocurrency
Social media is a very common avenue of attack for hackers, typically through what are known as phishing campaigns in which they send you a message offering or asking you for something, Bennett said.
"This usually involves clicking a link somewhere in the body of the message, which triggers a series of events that can lead to your account getting compromised," he said.
That "series of events" depends on what platform you're on, whether it's Instagram, Facebook, e-mail, your bank or somewhere else.
"Ultimately, they're looking for the ability to authenticate as you and elevate and entrench themselves to gather more credentials, sensitive data, followers or accounts," Bennett said.
In the case of Bar Sazerac's Instagram, the hacker was sending messages to followers, posing as the owners to gain confidence, asking them to access a link provided, screenshot it and send it back.
Many patrons could tell it was not the Ferreiras writing to them.
"We don't solicit people to do anything through the account other than obviously show up to the bar," Kyle said.
"So for us to post something about cryptocurrency was a major departure for us."
Social media a vital tool for business
The original Bar Sazerac Instagram account had just under 6000 followers and more than 500 posts.
The Ferreiras said the fact that the hacker had been contacting followers was especially difficult for them because they use their account not only to connect with customers but have built friendships with many of them.
"People follow us because they actually like us as people," they said.
Kyle describes the interactions there as a far more friendly exchange than "a classic, advertising based account."
"People enjoy the fact that if they want to talk to us about anything, the people who will be answering will be Jen or I," Kyle said.
"To lose out on that is confidence draining," he said.
Social media channels became especially important for businesses navigating pandemic restrictions, said Cassandra D'Ambrosio, manager of marketing and communications for the Hamilton Chamber of Commerce.
"They're just trying to run their daily operations and do everything else involved with being a small business owner," she said. "They just don't have the time to deal with or need something like that happening."
"In the past two years, Jennifer put a lot of really awesome things on our Instagram account and it really helped drive sales in a very difficult time," Kyle said.
"The pandemic was very difficult and Instagram was incredibly beneficial."
What can social media users do to protect their account?
There are some ways to help protect a social media account from getting hacked. Bennett says.
A good place to start is to enable two-factor authentication, he said.
Two-factor authentication is a security feature that requires individuals to enter a special security code each time they try to access a platform from a browser or mobile device that the platform doesn't recognize.
"'Two-factor' refers to the fact that you would need to compromise both your phone and the account password for an attacker to login successfully," Bennett said, "which is much more difficult and unlikely."
Also, always keep in mind that if someone is reaching out to you and you don't know them, they may be trying to get you to do something which can compromise your account, Bennett said. So, "think critically."
No platform such Instagram or Facebook will ever ask for you to provide account credentials, such as login information or a password, through an email request, he said.
If you get a message that looks like it's from something official, like Instagram, asking you to click on something, login, or provide your password, they very likely aren't who they say they are, Bennett said.
Bar Sazerac is working with Bennett to secure their social media accounts. They will try to regain control of their compromised account, but if that doesn't work out, they would prefer to see it shut down.
A new account has been created by the owners so they can keep connecting with their customers and friends through Instagram at @TheRealBarSazers.
In the first post on that account last week, Jennifer wrote that they will "forge a new path towards rebuilding," with the new account.
"It's obviously not an ideal situation, but considering Kyle and I have dealt with much worse in the last 2 years, we know we will prevail," the post said.