4 Common Instagram Scams - How to Recognize and Protect Yourself
Instagram is one of the biggest social media platforms in the world. The social media giant has over a billion active users. With that many potential targets you know the cybercriminals can't resist the chance to inflict havoc. Hackers are constantly coming up with new tactics that home in on Instagram users' private info or promote suspicious web services hosting harmful or content like trojans, worms, spyware, and other malware. These scammers are becoming more and more intelligent and their tricks are getting increasingly more sophisticated. In this article, we'll take a look at the X most common scams on Instagram.
NSFW content promoted as part of a spam campaign
Scammers have used bots to promote NSFW services on Instagram for a long time. You've likely run into some yourself if you're an active Instagram user. The scammers' idea is to monetize the traffic they get from all the clicks for more money. Fortunately, Instagram has automated detection mechanisms that eliminate most of this content. However, some will always slip through the cracks. It's just the nature of the cat and mouse game hackers and security experts play.
For example, in one recent campaign, the crooks leveraged a bunch of seemingly normal accounts to enact the scam in several steps without raising any red flags. The operation started with one such account following a large number of average Instagram accounts. The bio in the bot's profile told people some clues on what kind of content it offers, but the text had extra spaces and periods so that Instagram's anti-fraud tools wouldn't see any signs of inappropriate activity.
Also, a lot of these accounts don't actually contain links to external adult content, instead, they send the users to other Instagram accounts that push porn in a more explicit way.
Many of the accounts don't look suspicious at first glance. They may have up to three generic photos and the descriptions underneath these images are quotes from well-known novels by Alexander Dumas or George R. R. Martin, leading experts to label these as the "Novel bot accounts". To stay hidden from the detection software these profiles will offer no links within the profile data itself. Instead, the users have to start a private conversation with the bot to get that info.
For that reason, some bot profiles join big Instagram groups and create chats with adult themes or encourage people to complete sex-related surveys. Scammers dupe users into clicking a link to an adult dating website this way to generate more revenue. To another layer of protection and credibility for their bot profiles, the spammers may create a "Leaving Instagram" page that falsely flags the destination site as a secure one. It only seems to work for mobile users, however. Computer users are redirected to a different page, perhaps as some kind of evasion scheme.
"The Nasty List" phishing scam
Another wave of scams flooding Instagram is the nasty combination of social engineering and hacking. The scammers trick their targets with messages saying that they are on something labeled "The Nasty List". These messages get the victim's attention with phrases like "Wow you really are on the list, you're ranked number 14. This is terrible!" The exact wording changes but the premise is the same – to get the target curious and nervous about private pics or videos of them being made public.
Should the victim fall for the ruse and click on the embedded link for details, they are forwarded to another user's profile, usually named "the_nasty_list_88" or some variation. The description in the profile has a link that claims to lead to the supposed list. In reality, however, the links to a site, which is a fake Instagram login page. Even though it looks similar to the real thing you can easily tell it's fake by looking at the URL, which is nothing like the real thing. If you don't notice the different URL and enter your real username and password, guess what, the scammers have your login credentials now.
Then, the scammers will move quickly to take over your account and send "The Nasty List" messages to all of your followers thus continuing the scam and getting more victims. If you become a victim of this scam the first thing you must do is change your password.
Fake Android apps stealing Instagram credentials
Most avid Instagrammers love the idea of getting more and more followers. It's almost like an addiction to them. Some have even gone as far as purchasing followers. However, that can be dangerous. Security experts spotted multiple apps on the Google Play Store that promise to boost the number of your followers. Naturally, this proved to be a scam designed to steal the target's login credentials.
The security analysts say that the fraudulent apps were probably developed by a Turkish coder and that most of them were aimed at Turkish Instagram users. The crooks were able to get by Google's security protocols and uploaded these apps to the official Android software marketplace.
When an unsuspecting user installed one of these apps, they would see a fake Instagram sign-in screen. Like with the previous scam, the login credentials entered in it were instantly transmitted to the hacker. All login attempts result in an error message saying that the authentication was unsuccessful. Eventually, the victims would be told to log in from the official Instagram app and complete the authorization process from there. By that time, however, the hacker had already gained access to the victim's account.
Luckily, Google acted in time and all of these fake apps were removed from the Play Store shortly after they were reported to Google.
Fake verification services
As you may know, verified Instagram users enjoy certain perks, such as extra visibility on the social network, which means more opportunities to earn from cooperation with advertisers. Naturally, many people want to get verified status and the opportunities that come with it. Scammers know this, and they do everything they can to take advantage of this situation to part users with their money.
For example, a scam is going around currently, where suspicious individuals are contacting celebrities and other influencers with a strange deal. They are offering them an Instagram verification service for a price. The amount is $450 if the targets pay with Amazon gift cards, and there is a $150 discount takes if the user sends the funds in cryptocurrency. This is a massive red flag. Scammers prefer these payments like this because they are much harder to track by the authorities and they cannot be reversed.
The crooks say that the paid verification takes up to one hour to take effect, but in reality, the victims lose $450 and never get their verification. What is especially interesting about this scam is that the scammers are verified Instagram users themselves. The most likely scenario is that these are hacked accounts.
Either way, you should know that Instagram verifications cannot be bought or sold. It has to be awarded from Instagram itself, so anyone offering you Instagram verification is a fraud trying to con you out of your hard-earned money.