Sophos Naked Security explains how Instagram has become an ideal place for cybercriminals to operate largescale scams amidst its gaining popularity and offers suggestions on how to safeguard ourselves from them.
Since its launch in 2010, Instagram has seen more than 1 billion accounts opened, and users on the service share close to 100 million photos every day.
Instagram has become part of many people’s daily lives, as they use it to communicate and engage with their friends and family. There are also many businesses and influencers who use the platform to make money.
Unfortunately, the popularity of the platform makes it an ideal place for cybercriminals to operate large-scale scams.
This scamming has worsened over the past year, with the BBC claiming in January 2021 that Instagram fraud reports have increased by 50% since the coronavirus outbreak began in 2020.
As our digital lives continue to grow, and online scammers learn new tricks, it is important to know how to identify an Instagram scam, and what to do if you are targeted.
Phishing scams
Phishers try to get access to your Instagram account by sending you a suspicious link, either as an Instagram direct message or via email, where you are then tricked into putting in your username and password on a fake login page.
Once the crooks have your login details, they can access your personal information and even change your password to lock you out of your own account.
Fake influencer sponsors
Scammers are taking advantage of the rise in influencers on social media to exploit the influencers themselves.
These scammers pretend to be an established brand and offer influencers an advertising deal. If the influencer is unlucky enough to believe that the deal they are receiving is legitimate, they may hand over their personal banking details in order to be “paid” by the brand.
Romance scams
Not all Instagram scams are quick and simple. Some adversaries go to great lengths over long periods of time to trick their victims.
Romance scams are where fraudsters enter into a fake online relationships, often speaking with their targets for weeks, months or even years to earn and then to abuse their trust. Once the target is ensnared, the scammer starts asking for money for visas, flights, travel expenses and more.
The scammer will continue asking for money for as long as the person at the other end continues to send it.
Avoid sending money over to someone you have never met face-to-face, even (perhaps especially) if the reason for sending the money is allegedly to meet them face to-face for the first time.
If you wire money to a scammer you are almost certainly never going to be able to get it back, even if you get law enforcement or the courts involved – sending a wire transfer is like handing over cash.
Giveaway scams
Instagram influencers often hold sponsored giveaways featuring limited-time promotions in which brands offer free products or services to a few lucky winners.
These giveaways are often extravagant, giving followers the opportunity to win designer clothes, expensive laptops, airpods, and so on.
Unfortunately, scammers will impersonate the trusted influencer and inform you that you have won the giveaway but in order to receive the prize you need to pay a “shipping fee” or provide personal information that they can then use for illegitimate purposes.
Loan scams
With these scams cybercriminals send you a direct message offering a loan with a great interest rate. All you need to do to secure this fantastic offer is pay a deposit.
Of course, as soon as you’ve transferred the funds, the loan offer, the scammer and your money all vanish.
Fake investment scams
These scams encourage you to invest in a dodgy “get rich quick” or “cash flipping” scam. Again, when you hand over your money the scammer disappears, and so do your funds.
At the start you may receive emails or be given a website login with realistic looking but totally fake data that pretends your investments are performing well. Some victims therefore continue investing more and more money, and even convince their own friends and family to join in – until the scammers disappear with the lot.
Job scams
Scammers use the lure of what sounds like an amazing job in order to trick you into sharing personal information, possibly details such as home address, phone number, social security number, passport and immigration information and scans of ID documents such your driving licences.
The crooks aren’t asking for your personal data to vet you for a job – they’re after your information so they can commit what’s known as identity theft, where they use your details to apply for loans, credit cards and more in your name.
Credit card fraud
Credit card fraud often begin with an innocent looking social media post offering “quick cash”, such as a contest that offers a huge reward.
Click on the embedded link and you’ll be asked for your credit card information or your online banking credentials.
Once the scammers have managed to steal enough of your financial information, they will use your card details to make online purchases.
Here are a few tips for staying safe on Instagram:
• Pick proper passwords. Don’t use the same password as you do on any other sites. If you think you may have given away your password on a fake site, change it as soon as you can before the crooks do. Consider using a password manager if you don’t have one already.
• Don’t overshare. As much as it seems to be common to share a lot of your life on Instagram nowadays, you don’t have to give away everything about yourself. Also think about who or what is in the background of your photos before you upload them.
• Stay vigilant. If an account or message seems suspicious to you, do not interact or reply to the account and do not click on any links they send you. If something seems too good to be true, assume that it is too good to be true.
• Consider setting your account to private. If you aren’t trying to be an influencer whom everyone can see, and if you use Instagram more as a messaging platform to keep touch with your close friends than as a way to tell the world about yourself, you may want to make your account private. Only your followers will be able to see your photos and videos. Review your list of followers regularly and kick off people you don’t recognise or don’t want following you anymore.