INSTAGRAM users are being warned over a dangerous new scam that could see hackers steal your identity, and even extort you for money or sexy selfies.
The attack is being pinned on a group of Turkish hackers, and can leave you locked out of your Instagram account forever.
Instagram scams are nothing new, but cybersecurity experts at Trend Micro are warning over a particularly convincing – and highly dangerous – attack.
According to the security boffs, a number of high-profile accounts have been hacked using this method.
“While it seemed straightforward enough, we also found that targeting popular Instagram profiles has become a modus for a certain group of Turkish-speaking hackers,” a new report warns.
“And by abusing Instagram’s account recovery process, they were able to keep the stolen account even if the victim squarely followed the process.”
Threat researcher Jindrich Karasek said that Instagram accounts with as many as 70,000 followers have been hacked.
“The victims ranged from famous actors and singers to owners of startup businesses like photoshoot equipment rentals,” Jindrich revealed.
Worse still, once hackers get into your account, they’ll try to nab compromising material from you – like saucy selfies.
“The group also engages in digital extortion. Once a victim tries to reach out to the hacker, they would be wrung to fork over a ransom or nude photos and videos to get the account back,” said Trend Micro’s Cedric Pernet.
“Of course, the hackers never give it back. Indeed, this kind of attack — targeting high-profile accounts or social media influencers — highlights our predictions for this year’s threat landscape.”
So how does the scam work?
It’s a classic phishing attack, where you receive an email pretending to be from Instagram – but it’s actually sent by crooks.
The email asks you to verify your Instagram account to earn a Verified badge on your profile. These are seen as a status symbol, and are coveted among users.
Instagram would never operate like this, so that’s an easy way to avoid this scam.
Once you click ‘Verify Account’ you’re redirected to a phishing page where you hand over your details.
Hackers gain access to your account, and lock you out completely.
Don't get phished! Here's how to stay safe
Here's the official advice from cybersecurity boffs at Trend Micro…
The hackers in these instances lure victims into handing out personal information to get an incentive (such as a blue badge in their profile).
Their mimicry of Instagram’s emails also made their malicious emails appear legitimate. Here are some of the red flags users and businesses can watch out for:
- Use of domains other than the social network’s own
- Dubious font styles (i.e., usage of screenshots instead of actual images)
- Incorrect grammar and punctuation
- Emails that ask for credentials; social networks never ask for them outside of their actual, secure login pages
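The first and last red flags above (wrong domains, requests for credentials) can be checked mechanically. The Python below is an added example, not code from Trend Micro or Instagram; the domain allow-list, the keyword list and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only domain treated as the social network's own here.
OFFICIAL_DOMAINS = ("instagram.com",)
# Assumption: phrases that suggest the mail is asking for login details.
CREDENTIAL_WORDS = ("password", "verify account", "confirm your login")

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def is_official(host):
    # Exact match or a true subdomain; "instagram.com.evil.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def red_flags(raw_email):
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    flags = []
    # From can be spoofed: a match proves nothing, a mismatch is a warning.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_official(sender):
        flags.append(f"sender domain: {sender}")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.links:
        host = urlsplit(href).hostname
        if not is_official(host):
            flags.append(f"link domain: {host}")
    if any(word in body.lower() for word in CREDENTIAL_WORDS):
        flags.append("asks for credentials or verification")
    return flags

# Constructed sample modelled on the "Verified badge" lure described above.
SAMPLE = """From: Instagram <security@instagram-badges.example>
Subject: Get your Verified badge
Content-Type: text/html

<p>Verify your account to receive a Verified badge.</p>
<a href="https://instagram.com.verify-badge.example/login">Verify Account</a>
"""
```

An empty list from `red_flags` only means none of these three checks fired; it does not show the message is genuine.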
We’ve asked Instagram for comment and will update this story with any response.