Social Media, it could very well be hell on Earth for the latest generation. Then again, its all about perspective, isn’t it. This generation is all caught up on how society views them based on their social media status, they are entirely blind to the consequences and repercussions that comes along with it

I am gonna focus on those today. The common Instagram scam.

Fake Copyright Infringement Alerts

Source: Sophos

Instagram users targeting with fake notifications usually over emails with a link to login to their account and fill a form so that the user’s account will not be suspended within 24 hours of the notification. The scam works like this,

  • Use receives a Copyright Infringement email with a deadline and threat of account suspension including a button to “Copyright Objection Form”
  • User panics about the deadline and clicks the link which leads to page that provides a detail about Copyright Notice with a button to “Appeal”
  • Clicking on the “Appeal” link takes the user to a fake login page including requesting additional information. The login URL looks legitimate enough for the user to ignore the telltale signs of fraud.
  • Once the user enters the credential, they get redirected to the real Instagram site, obviously. That’s how tricking users work.
  • The user’s credentials has now been harvested by the hacker.

Fake Log In Alert

Source: Sophos

Another scam is sending the users a fake log in alert with link to Instagram and a two factor authentication code. This message seem legitimate due to the fact that Instagram usually sends that sort of notification.

  • Users receive a notification that someone has tried to access their account.
  • The email contains a confirmation two factor authentication code as well as a link to sign in to the account.
  • Once the user clicks the email and enters the credentials, the user will be redirected to the real Instagram page but the credentials would have been stolen by the offender.

The most common thoughts that would pop up in anyone’s mind would be what can anyone do with the credentials? Many number of things.

  • They can message your friends and family and use it for financial gain.
  • Use access to your friends and family and try to get their credentials by sending them a fake login page.
  • Or any other personal gain.

The most common one in the security world is financial gain. The best way not to fall a victim would simply to be smarter.

  • If and when you get a notification like this or anything remotely close to this, navigate to the application directly without clicking on any links provided.
  • The application itself will have notifications if there’s any infringement or even a new login.
  • “You Activity” and “Security “under the Instagram application settings will give you a picture of where you have been and what you have been up to.
  • If doubtful, change your password and turn on the two factor authentication using “Authentication App” such as Google Authentication or Microsoft Authenticator.

As an old saying goes, its better to be safe than sorry.

Published by Meena Rajendran

Cybersecurity Professional

Leave a comment