Instagram Phishing Scam – Popularity targeted
Instagram, the second most preferred social media platform among millennials, has now caught the eye of threat actors. A recent string of Instagram phishing scams has terrorized Instagram users, with cyber-maniacs targeting popular influencers who have over 100,000 followers.
What is it about this app that makes it so wildly successful?
Instagram is a popular social networking service owned by Facebook where people share photos, videos and more. Although social media sites have grown in number by leaps and bounds, the following features give this global online network an edge over other social media platforms:
- The clever design choices,
- Implementation of fine filters to edit the pictures,
- Provision to tag people who hold an account on Instagram,
- Provision to add location information,
- People’s desire to connect to a growing revenue stream is met by Instagram better than any other social media platform.
The popularity of Instagram has made it a prominent target in the cyber-crime world. Eye-catching accounts with thousands of followers fascinate threat actors the most, and the consequences of having such an account stolen can be hazardous.
Read on to see how the Instagram phishing scam takes place.
Phishing Email Scam
Hackers gain access to popular Instagram accounts through a phishing email scam. Victims receive an email from threat actors posing as a potential business partner, containing a proposal to work together. Following the instructions in the mail, the user clicks a link that leads to a phoney Instagram login page asking for credentials (username and password). Once the user “logs in”, the hackers have their credentials.
The stolen credentials are used to log in to the victim’s account, encrypt the account and demand a ransom in Bitcoin to regain access. Panicked victims who agree to pay the ransom lose not only their money but access to their account as well.
Fake Badge Promise
Accounts belonging to celebrities, popular bloggers or large companies hold a blue tick, a sacred badge or status symbol that adds prestige and distinguishes them from fake accounts. Until now this badge was awarded by the social networking site alone, on the basis of account popularity and fan following.
Recent changes in Instagram’s policy allow users to use the badge if their account meets certain criteria. Users themselves are required to take the initiative by requesting verification from the app, navigating to Settings -> Request Verification.
Cyber criminals have exploited the fact that many users are unaware of this recent change in policy. They created sites that masqueraded as Instagram help center pages: hoax pages that pretended to help users obtain information on badges.
Innocent users who visited the page were asked to enter their username, password, full name, address, e-mail and date of birth, all for the promise of a badge.
Unsuspecting users who provided all of the above information fell into the trap of threat actors, who used this information to extort them.
Sham Alert Messages
"Your account has been hacked!" "Your login credentials need updating!" Scary alert messages like these are used to deceive users and gain access to their Instagram accounts. When users click on these alert texts, they are redirected to fake login pages, where their keystrokes are recorded and sent to threat actors.
On taking possession of an account, attackers completely overhaul the profile of the hacked account by changing the profile photo, the email address and phone number to which the account is linked, and so on, or even encrypt the account. This makes it nearly impossible for the true owner to restore access unless the demands of the cyber-maniacs are met. Even in the latter case, the probability of retrieving your account is negligible.
How can you avoid the Instagram Phishing Scam?
Prevention is always better than cure, especially when the cure is nearly impossible. Users are recommended to observe the following precautions to stay safe and avoid the Instagram phishing scam.
- Click on links with open eyes. If a link appears suspicious, avoid clicking on it. If the link is a URL, make it a habit to check it before clicking, as criminals use phoney URLs that look similar to the original URL to confuse users.
- Enable two-factor authentication on all the apps that implement it. This added security makes your account secure as no one can gain access to it even after knowing your account credentials.
- It is always recommended to download apps from an official store, such as Google Play for Android or the App Store for iOS. However, users should keep track of the ratings of the app and user reviews before downloading any app, as these official stores are not always reliable and may host forged apps.
- Using a reliable security solution always goes a long way. Vipre & Hitman Pro are among the renowned security solutions that will guard your system against all the dangers.
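The advice above to check a URL before clicking can be automated. The following is an added example, not part of the original article: it flags links whose hostname only resembles Instagram's. It assumes instagram.com is the only genuine domain, and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

BRAND = "instagram"
GENUINE_DOMAIN = "instagram.com"  # assumption: the only domain treated as genuine
SAMPLES = [  # constructed sample links (.example is a reserved TLD)
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com.verify-badge.example/help",
    "https://instagram.com@login.example/",
    "https://lnstagram.example/login",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'genuine', 'suspicious' or 'unrelated'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "suspicious", "no hostname"
    if parts.username is not None:  # text before '@' is not the host
        return "suspicious", "userinfo before the host"
    if host == GENUINE_DOMAIN or host.endswith("." + GENUINE_DOMAIN):
        if parts.scheme != "https":
            return "suspicious", "genuine domain but not https"
        return "genuine", "host is under " + GENUINE_DOMAIN
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious", "internationalised label, possible homograph"
    if BRAND in host.replace("-", ""):
        return "suspicious", "brand name inside another domain"
    if any(edit_distance(p, BRAND) <= 2 for l in labels for p in l.split("-")):
        return "suspicious", "near-miss spelling of the brand"
    return "unrelated", "no resemblance to the brand"


if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_link(url))
```

A "genuine" verdict only says the host belongs to the expected domain; an "unrelated" verdict says nothing about whether the page itself is safe.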