Security
Headlines
HeadlinesLatestCVEs

Headline

How Instagram scammers talk users out of their accounts

You won’t believe what some account-takeover scammers say. The post How Instagram scammers talk users out of their accounts appeared first on Malwarebytes Labs.

Malwarebytes
#git

If you’ve dealt with a scammer, you’ll know that making up stories is their bread and butter. Think about it: Just when you thought you’d heard all the infamous 419 scam backstories, scammers surprise you with a “stuck astronaut” scam, something so utterly hilarious, nonsensical, and otherworldly that you’ve just got to tell your friends and families about it.

While the 419 cosmonaut backstory (surprisingly!) has layers of truth to it, your typical Instagram scam story doesn’t have an iota of fact it can stand on. But because the stories that hook someone were designed to trigger an instant emotional response and a sense of urgency, Instagram scammers are more effective at getting the job done speedily.

Mind you, scammers are not after every Instagram user. They just need a handful of those people who will help someone without thinking. And since they’re not after money, just a bit of someone’s time, they already have one foot in the door.

Instagram scammer backstories vary, but the scams themselves follows one pattern: They ask you for help, tell you their backstory, and put their fate in your hands.

Here are some of the stories that scammers are known to use:

  • “I’m launching my own product line“.
  • “I’m in a competition and need you to vote for me“.
  • “I’m trying to get verified on Instagram and need people to confirm my fanbase with a link“.
  • “I need a help link to get into Instagram on my other phone“. (This is a very common tactic.)
  • “I’m contesting for an ambassadorship spot at an online influencers program“. This one is surprisingly popular, with fake ambassadors everywhere.

Regardless of the script they’re following, scammers will say you’ll receive a link on your phone via SMS. They will then ask you not to click the link but merely take a screenshot and send the image back to them.

The link is a legitimate Instagram “forgotten password” URL for your account, and scammers want you to screenshot it so they can use the URL to reset your password, take over your account, and lock you out.

It’s impossible to say what fraudsters will say next just to get you to screenshot a forgotten password link. Regardless, any requests for link screenshots should be treated with extreme suspicion. Whether product lines or ambassador programs, you can safely ignore these messages and report the sender.

Stay safe out there!

Malwarebytes: Latest News

1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products