Instagram Scammers Are Getting Bolder
Have you already been hit by the “I’m running for an ambassador for the Influencer Program” scam on Instagram ? It’s a scheme where one of your Instagram “friends” asks you to help him by voting for him in a fake contest, and the scammers are getting more and more sophisticated in their attempts to scam people.
The risk is related to voting: the scammer will ask you to vote by sending you a personalized link… which is actually a password reset URL for your account. The scammer will ask you to send him a screenshot of the link, but do not click on it. If you comply, they will manually enter the URL on their side and gain access to your account, after which they can reset your password, block you, and repeat the process with your friends and family.
How is the scam developing?
As people catch the scammers, the criminals have to change something. Recently, the victims are deceived in the same situation by different methods. Some scammers are now using the information they can collect from your public profile to contact you.
These scammers could be your friends who have already been hacked, or someone who is following a couple of your friends, so you might think you know them from somewhere. If your photos indicate that you are a Muslim, you are greeted with “salaam”. If you post pictures of your kids, they will ask you how they are doing. If you are a nurse, they will ask questions about the workload at your clinic.
After gaining your trust, the scammer will ask you to enter the email address they sent you into your account settings, ostensibly because this is how the “ambassador program” will “verify your vote”. But if you do that, you’re essentially giving them full control over your account, as they can use that email to send themselves a password reset link – and block you quickly. They can then repeat the process with your contacts, pretending to be you.
How to avoid Instagram “voting” scams
Use Two-Factor Authentication
Setting up two-factor authentication is a great way to put another barrier between your account and scammers looking to hack it. If they try to change your password when you have two-factor authentication set up, they will also have to ask you for a code, which you send via email or text message. And we all know better than sharing our personal two-factor IDs with anyone, right?
Never send screenshots
This was new to me – I didn’t know that scammers would be able to send links that are generated only on your side of the chat. But now I know: never send screenshots with links or personal information to someone you don’t trust 100%.
Never enter an email address that does not belong to you in your account settings.
It seems too obvious, but everyone thinks so before falling victim to a scammer. Of course, this is suspicious from the start, and if someone asks you to switch your account email address to someone else’s for any reason, run away (metaphorically).
Don’t use third party apps
When everyone else is using trendy new apps that integrate with Instagram to see what they’ll look like when they turn 80, resist the urge to join them. It’s best to never allow third-party apps to access your Instagram account unless you’re sure you can trust them to steal your information or mess up your account settings.
Be suspicious of “friends” who ask you to do something in private messages.
I understand that we all want to help our friends become famous on Insta so that one day they can repay us with an invitation to Fyre Festival 2.0, but don’t act too fast. If one of your friends asks you to do something that seems unbranded, contact them in other ways, like text message or Facebook, to make sure they haven’t been hacked. You will be doing both of you a favor.