Scammers Hide Behind a Fake Instagram Help Center to Steal Passwords

A new scam is making the rounds, this time targeting Instagram users. The methods used by the bad actors have not changed much; only the bait is a little different this time. The attackers attempt to steal credentials and then exploit the platform's account recovery process to take over the account.

Previous Instagram scams used fake messages telling users they can receive a unique "Verified" badge on their profiles if they re-verify their account. Of course, verifying through the bait link only led to user credentials being stolen through a fake phishing form.

In this new scam that was reported in early September 2020, the bad actors are using new bait. The fake "Verified" badge scam has been replaced with direct messages sent through the Instagram platform. The fake messages claim to be sent from the Instagram Help Center - the platform's legitimate help and support portal. The messages use very simplistic social engineering and scare tactics. The text claims that another account has filed a copyright violation complaint and the scam victim's own account is now at risk of deletion over this incident.

Hackers Attempt to Scare Victims

The looming fake threat of account deletion is expected to prompt the victim into following a fake link in the message, which leads to a phishing page. The victim is first asked to enter their username, then a whole lot of additional information that should never be required, including 'known name', password, email address and email password. A clever touch used by the scammers is that after an unsuspecting victim fills in all their information and it is phished out, the form redirects to a legitimate Instagram page, giving the illusion that the fake form in the previous step was real. With all the information stolen from the fake form, the hackers can easily take control of the victim's account within minutes. The bad actors change the email address linked to the Instagram account and also unlink the victim's mobile phone number from it.

Despite the clever touches used in the scam, there are also some very obvious giveaway signs that the original message attempting to scare the user is fake. First of all, there are a load of grammatical, spelling and punctuation mistakes in the text, which should raise a lot of red flags. The link that opens the fake form is also a very obvious fake, with the domain ending in .rf.gd - a free hosting domain that will certainly never be used for official Instagram communication.

Be extra careful and always on the lookout for these small quirks in malicious emails or text messages on your mobile devices. Suspicious domain names and extensions, as well as poor formatting or grammar in allegedly official correspondence, are always signs of danger.
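The domain check described above can be automated. The following Python script is an added example written for this article, not code from the article's author or from Instagram: it pulls links out of a message, treats only instagram.com and its genuine subdomains as legitimate (an assumed allowlist for the illustration, not an inventory of every domain the platform owns), and flags links that use the .rf.gd free hosting suffix named in the article or that put the Instagram brand name on a third-party host. The sample message and the .rf.gd link in it are constructed placeholders, not the real scam text or domain.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist: the platform's own domain; real subdomains such as
# help.instagram.com pass because they end with ".instagram.com".
LEGIT_DOMAINS = ("instagram.com",)

# Free hosting suffix the article calls out as never used for official mail.
FREE_HOSTING_SUFFIXES = (".rf.gd",)

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text):
    """Pull http(s) links out of a message body, trimming trailing punctuation."""
    return [u.rstrip(".,;:)!?") for u in URL_RE.findall(text)]


def is_legit_host(host):
    """True only for an allowlisted domain itself or a genuine subdomain of it.

    The leading dot matters: 'instagram.com.rf.gd' does not end with
    '.instagram.com', so lookalikes that merely contain the brand fail here.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def link_warnings(url):
    """Return the reasons a link looks like it does not come from the platform."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return ["unparseable link"]
    if is_legit_host(host):
        return []
    reasons = ["host %s is not an Instagram domain" % host]
    if host.endswith(FREE_HOSTING_SUFFIXES):
        reasons.append("free hosting suffix")
    if "instagram" in host:
        reasons.append("brand name used on a third-party host")
    return reasons


def audit_message(text):
    """Map every link in a message to its warning list; an empty list means clean."""
    return {url: link_warnings(url) for url in extract_urls(text)}


# Constructed sample in the style of the scam message; the .rf.gd host is a placeholder.
SAMPLE_MESSAGE = (
    "Instagram Help Center: another account filed a copyright complaint, "
    "your account will be deleted in 24 hours. Appeal now: "
    "http://instagram-help-center.rf.gd/appeal. "
    "Official help: https://help.instagram.com/"
)

if __name__ == "__main__":
    for url, reasons in audit_message(SAMPLE_MESSAGE).items():
        print(url, "->", "; ".join(reasons) if reasons else "OK")
```

Because the check is on the hostname rather than the visible text, it is not fooled by a link whose label says "instagram.com" but whose target is a free-hosting domain; the allowlist comparison also rejects hosts that merely begin with the brand name.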

September 18, 2020
