There are only a handful of people in the world who don’t have a social media account. With almost one in every seven people logging into Facebook daily, cybercriminals value your accounts more than credit card details.
By obtaining your credentials through whatever means necessary, hackers can take over various accounts and use them for nefarious purposes. These range from spreading malware and launching phishing campaigns to simply hijacking your profile.
But hacking efforts have gone much further than guessing your password. Read on for details on the latest devious scam used to take over Instagram accounts.
Here’s the backstory
Scams on social media platforms aren’t new, but criminals are constantly evolving their methods to catch as many users off guard as they can. Last year a scam started making the rounds on the Facebook-owned photo-sharing app Instagram.
Users started receiving mysterious direct messages from an account called “Copyright Help Center.” The message claimed that the account owner had violated some form of copyright. To correct the issue, a link was provided to appeal. Naturally, the link pointed to a scam website that attempted to steal login details.
After much media publicity, the scam quickly lost steam. But fast-forward a few months, and it seems that the same scam is popping up on Instagram again. This time, cybercriminals chose to target Sophos’ Naked Security.
In a blog post about the alleged (and bogus) copyright claim, the cybersecurity company explains that the tactics from last year haven’t changed much. The con is still the same as before, where users will receive a notification about “infringing copyright.”
The message will then urge you to appeal the copyright claim by clicking on the link at the bottom. But this time, there is one big difference: the hackers have gone out of their way to make the fake website seem real.
Naked Security explains that:
- The domain used can easily be mistaken for a real Facebook address.
- When they clicked on the link, it showed their real Instagram page with accurate stats.
- The “copyrighted” image was used in one of their Instagram posts.
What you can do about it
For this phishing scam to work, you would need to follow the link provided in the message claiming you’ve violated copyright. If you click the link, you’ll be taken to a spoofed page where you’re asked to hand over your Instagram credentials. Your best defense against this scam is NOT to click links in unsolicited messages.
That’s a great rule to live by. Avoid clicking links or downloading attachments found in unsolicited texts or emails. If you have business with a company, always type its official web address into your browser, so you know you’re dealing with it directly and not scammers.
Here are a couple more preventative measures to follow:
- Enable two-factor authentication (2FA) for Instagram, Twitter and Facebook. This adds an extra step in securing your account from criminals. It’s a good idea to take advantage of 2FA on every account that offers it.
- The actual copyright center for Instagram can be found here.