From cybercriminal evergreens like phishing to the verification badge scam, we look at the most common tactics fraudsters use to trick their victims.
Instagram is one of the most popular social media platforms. Indeed, with over one billion monthly active users it is among the top four most popular social media networks in the world. That figure, representing potential targets, is bound to attract cybercriminals like bees to honey.
In this article, we give an overview of the most common scams that you will probably encounter while you’re perusing your feed and connecting with other users through direct messages.
With only slight hyperbole, we could say that phishing scams are as old as the internet itself, and they are a type of scam cybercriminals like to return to and reuse time and time again. Simply put, the ultimate goal is to dupe you out of your personal information and access credentials, and then either use them in various illicit activities, such as identity fraud, or sell them on marketplaces found in the internet’s seedy underbelly.
Figure 1. Legitimate (L) versus fake (R) Instagram login page
Common strategies include evoking a sense of urgency by sending out fraudulent emails claiming that someone unauthorized may have logged into your account. The email usually includes a fake password reset link that, once clicked, takes you to a faux Instagram login page, which harvests your credentials and gives the scammers access to your account. Alternatively, the fraudsters may imply that you are in trouble due to copyright infringement and that you must set the record straight by clicking on a link and filling out a form. However, if you do that, you’ll be redirected to another faux login page. And they don’t tend to stick to emails; sometimes fraudsters will try to impersonate Instagram support and contact you through direct messages as well.
🔐 Keep your account safe 🔐
You may get emails that LOOK like they’re from Instagram, but they’re not 👀 Avoid hacks and phishing by:
✔️ Checking your settings to confirm we contacted you. Nothing there? Then it’s not from us.
✔️ Turning on 2-factor authentication. pic.twitter.com/V0B40gVhmj
— Instagram (@instagram) March 29, 2021
To avoid falling victim to these scams, watch out for telltale signs such as poor grammar or the use of generic greetings instead of personalized ones. Another thing to look out for is the sender’s email address: if it isn’t associated with an official email address, it most probably is a scam.
Attack of the clones
While browsing Instagram in search of a celebrity or sports team account you’d like to follow, chances are that you’ve stumbled upon several doppelganger accounts. However, these clone attacks aren’t limited to popular actors, singers, or athletes. Cybercriminals can just as easily clone the accounts of regular Instagram users. They’ll then go on to impersonate the people whose accounts they cloned and try to reach out to their friends and followers.
From that point, the ruse is quite simple: the attackers will claim that the legitimate account they have cloned has been hacked and that this is the new one, and then say that “hackers” have cleaned out the account owner’s bank accounts or that the account owner is in some other kind of monetary jam. With a bit of proper social engineering and luck, the main victims are scammed out of their hard-earned money in the belief that they are helping out a beloved friend or relative.
And if you think that this scam is hardly plausible and people couldn’t possibly fall for it, you’d, unfortunately, be wrong. ESET Security Specialist Jake Moore carried out a successful experiment in which he proved the viability of the scam by cloning his own account. The quickest way to check whether you’re being contacted by a cloned account is to reach out to your friends through an alternative method, like a phone call. To keep your own accounts safe, you should lock them down and keep them private, as well as be picky about who you allow to follow you.
The verification badge scam
Speaking of cloned accounts, another thing you need to watch out for is account verification scams, or verification badge scams if we want to be exact. In short, if you see a blue checkmark next to an account’s name, be it a celebrity, influencer, or brand, it means it’s the real deal. “At its core, verification is a way for people to know that the notable accounts they are following or searching for are exactly who they say they are. It’s a way for people to know which accounts are authentic and notable,” reads Instagram’s description of its verification badges.
@instagram our business page gets many scam imposter accts a week pretending to be us & asks our customers for money. We have tried 4 times to get verified without success. We tried again & got this. I assume this isn’t real but at this point I’m almost desperate enough. Fake? pic.twitter.com/8LuamvPnHI
— Sharpie (@itsmesharpie) March 24, 2021
Being verified basically also means that you have a large audience that follows you and that you are influential to a certain extent within your community. This also opens doors to various opportunities, like monetizing your content through sponsorship deals with brands that might offer you the chance to showcase their products. And the desirability of that coveted badge is exactly what the fraudsters are betting on. The scam is relatively straightforward: the scammer will contact you, probably through a direct message, offering to get you verified for a fee. However, if you pay up, the only thing that will be verified is the fact that you became the victim of a scam.
How to Get Verified on Instagram ✅
No, I can’t get you verified… but here are some tips and things we look for when you apply.
Our new blog post has even more info.