
How to Avoid the Worst Instagram Scams

Fake sellers. Competitions. Crypto cons. There are plenty of grifts on the platform, but you don’t have to get sucked in.

Wired

Since Mark Zuckerberg snapped up Instagram for a mere $1 billion in April 2012, the app has grown into a social media juggernaut and one of Meta’s biggest assets. More than a billion people use Instagram every month, with influencers relying on it as a key source of their income.

Any online congregation of this size is naturally a target for hackers and scammers looking to take advantage of people and make a quick buck. As a result, Instagram is a frequent objective for scammers trying to take over your account and get you to send them money, as well as for shilling cryptocurrency scams.

“Instagram scams and account takeovers are a big problem,” says Jessica Barker, the co-CEO of cybersecurity company Cygenta, who says she has seen a recent uptick in reports of Instagram scammers. “Scams take place over all social media platforms, but Instagram’s popularity, open nature, and sense of personal connection make it an ideal platform for scammers to exploit.”

Still, it is possible to avoid the vast majority of Instagram scams with a little knowledge of what to be cautious of and some quick changes to your account settings.

How to Spot Scams on Instagram

Scammers move quickly. Whenever there’s a big event such as Russia’s war in Ukraine, the outbreak of Covid-19, or rapidly fluctuating cryptocurrency prices, the scams appear soon afterward. Online scams are constantly evolving, which means there are plenty of ways scammers may try to extort you. One startup is now even selling insurance against Instagram hacks.

“With Instagram being so popular, audiences can grow quickly, and often the number of followers can make people trust an account in no time,” says Jake Moore, global cybersecurity advisor at security firm ESET. “This is accelerated when known contacts already follow such accounts, and this trust can be a very forceful presence if required to make victims hand over details such as their credentials to a fake landing page to ‘sign in,’ for example.”

Instagram details the wide range of potential scams in a post on its website. These include loan and investment scams such as cryptocurrency scams, competitions and giveaway scams, job scams involving fake job ads, phishing scams to gain access to your account, and counterfeit products like fake iPhones and Apple Watches.

Scammers try to achieve a couple of things: They want you to send them money, or they want access to your Instagram account so it can be used in ongoing and future scams. These scams often work in similar ways: scammers try to trick you into handing over personal information or money, or get you to click on links that can harvest your login details.

It’s likely that a lot of scam efforts on Instagram will be directed at you using direct messages. Scammers can send you messages or links to click on that lead to phishing websites. “A good way to recognize if you’re being manipulated is to look out for communications that are unexpected, make you feel something, and ask you to do something,” Barker says.

If an account slides into your DMs saying you’ve won a competition or that you should check out a way to make money quickly, or is offering some kind of promotional collaboration, then it’s probably too good to be true. (You should delete the messages and report the scam.)

“When it comes to spotting a scam on Instagram, people should look out for messages asking you to click on a link, even if they appear to come from a friend, a trusted brand, or Instagram itself,” Barker adds. Scam messages often include typos, poor English, or want you to click on a link taking you away from the app. They often also come from recently created accounts.

Scammers have been spotted using Instagram’s logo and branding to send tech, verification, or security support messages to people via DMs. These are all fakes. Instagram says it will never send you direct messages about your account. (You can see official emails from Instagram in the app’s settings.) “Look out for posts about giveaways, gift cards, and investment schemes, as these are common tactics for criminals,” Barker says. If a brand is contacting you from an unverified account, you should be very cautious about replying.

Scams also come through Instagram Stories. “Fraudsters abuse the Instagram Stories feature, posting scams there that autodelete after 24 hours,” says Chris Boyd, lead malware intelligence analyst at cybersecurity firm Malwarebytes. “The scam is hidden behind their profile picture; you won’t see it in the main collection of images,” Boyd says, adding that this move helps to keep the scam away from Instagram feeds and automatically vanish, making it harder to detect.

While competition scams and attempts to access people’s accounts aren’t new, Instagram has also seen a rise in “hostage-style” scams, where people are forced to post videos telling people to invest in bitcoin or other cryptocurrencies to get their hacked accounts returned. Multiple Instagram users, as reported by VICE, have been pressured into recording videos after their accounts were hacked. Other people report losing thousands to Instagram scammers. The incidents highlight why you shouldn’t trust every account you follow.

“Cryptocurrency scams are quick methods to whisk users away from the relative safety of the Instagram platform and onto trading sites where Instagram can’t help,” Boyd says. “Extortion-driven cryptocurrency endorsements are a smart move on the part of the scammer. Leveraging people you know and trust in visual mediums to promote something is always going to be more convincing than a random email.”

How to Avoid Getting Scammed

There are things you can do to avoid getting hacked and to steer clear of the worst scams: a mixture of security settings and slight behavioral tweaks. Thankfully the process isn’t too complicated, and small changes can make a big difference.

First, as mentioned earlier, you should avoid clicking on links that are sent to you, especially from accounts that you don’t know personally, or if someone you know sends a URL that seems out of character. “Following an account for many months still may not make it an authentic account,” Moore says.

If an account doesn’t seem right, you can look into its origins. “Research accounts to decide if they can be trusted—you can find information, such as when an account was created, by clicking About this Account under a profile. You can also check whether accounts are verified,” Barker says.

Second, your default setting should be one of suspicion. If your Instagram account is public, anyone can see your posts and message you. By limiting who can message you, you reduce the chances of being exposed to scams. To change whether your account is public or private, visit Settings, Privacy, and toggle your account to Private.

While you are in privacy settings, you should also limit who can message you. Under Messages there are options to send received messages to a Message Requests folder, and you can stop accounts that don’t follow you from messaging you through the Others on Instagram menu. For more details, see our guides on how to limit who can contact you on Instagram and the steps you can take to stop tracking and improve your Instagram privacy.

Arguably the biggest way you can protect your account from being taken over by scammers is by using a unique, strong password—stored in a password manager—and turning on multifactor authentication. Enabling multifactor authentication requires anyone trying to log in to your account to use a login code or click a notification in addition to using your password—and it’s effective against account takeovers.

To turn on two-factor authentication on Instagram, tap on your profile picture in the bottom right corner of your phone, then tap on the hamburger menu. Go to Settings, then Security, then Two-Factor Authentication. You can turn on security protection there. If, in the worst-case scenario, your Instagram account does get hacked, here’s what you should do.
