Instagram has become part of our daily lives as users leverage it to communicate and engage with friends and family. Unfortunately, the popularity of the platform makes it an ideal place for cybercriminals to operate large-scale scams. This scamming has worsened over the past year, and the BBC has recently claimed that Instagram fraud reports have increased by 50% since the pandemic began a year ago. As our digital lives continue to grow, and online scammers learn new tricks, it is essential to know how to identify an Instagram scam, and what to do if you are targeted to ensure you don’t fall victim.
Sophos, a global provider in next-generation cybersecurity, shares the most common scams on Instagram and tips to avoid them.
According to Instagram, below are the most common scams that users should stay aware.
- Phishing scams
Phishers try to get access to Instagram accounts by sending suspicious links, either as an Instagram direct message or via email, where users are then tricked into putting in username and password on a fake login page.
Once the crooks have those login details, they can access personal information and even change a password to lock the user out of their own account.
Fake Instagram “warnings” have been widespread recently, like the ones shown below claiming to be official copyright infringement warnings from Instagram:
Always delete message requests of this sort without opening them or clicking on any links or buttons.
1. Fake influencer sponsors
Scammers are taking advantage of the rise in influencers on social media to exploit the influencers themselves. These scammers pretend to be an established brand and offer influencers an advertising deal. If the influencer believes the deal they are receiving is legitimate, they may hand over their personal banking details to be “paid” by the brand.
2. Giveaway scams
Instagram influencers often hold sponsored giveaways featuring limited-time promotions in which brands offer free products or services to a few lucky winners.
These giveaways are often extravagant, giving followers the opportunity to win designer clothes, expensive laptops, AirPods, etc.
Unfortunately, scammers will impersonate trusted influencers to inform the “winner” that have won the giveaway but to receive the prize, the user needs to pay a “shipping fee” or provide personal information that the scammer will then use for illegitimate purposes.
3. Loan scams
With these scams cybercriminals send out direct message offering a loan with a great interest rate. All the recipient needs to do to secure this fantastic offer is pay a deposit. Of course, as soon as the funds are transferred, the loan offer, the scammer and the money will vanish.
4. Fake investment scams
These scams encourage us to invest in a dodgy “get rich quick” or “cash flipping” scam. Again, when victims hand over money the scammer disappears, and so do the funds.
Scammers often pose with expensive cars and designer clothes, claiming they’re “self-made” and became “rich” at a young age, to convince their victims to invest their money.
At the start users may receive emails or be given a website login with realistic looking but totally fake data that pretends investments are performing well. Some victims therefore continue investing more and more money, and even convince their friends and family to join in – until the scammers disappear with the lot.
5. Job scams
Scammers use the lure of what sounds like an amazing job to trick users into sharing personal information, possibly details such as home address, phone number, social security number, passport and immigration information and scans of ID documents such as driver’s licences.
The crooks aren’t asking for personal data to vet us for a job – they’re after the collected information so they can commit identity theft, where they use personal details to apply for loans, credit cards and more with the victim’s details.
6. Credit card fraud
Credit card fraud often begins with an innocent looking social media post offering “quick cash”, such as a contest offering a huge reward. Click on the embedded link and you’ll be asked for credit card information or online banking credentials. Once the scammers have managed to steal enough financial information, they will use these card details to make online purchases.
Sophos suggests four top tips for staying safe on Instagram:
- Pick proper passwords. Don’t use the same password as you do on any other sites. If you think you may have given away your password on a fake site, change it as soon as you can before the crooks do. Consider using a password manager if you don’t have one already.
- Don’t overshare. As much as it seems to be common to share a lot of your life on Instagram nowadays, you don’t have to give away everything about yourself. Also think about who or what is in the background of your photos before you upload them.
- Stay vigilant. If an account or message seems suspicious to you, do not interact or reply to the account and do not click on any links they send you. If something seems too good to be true, assume that it is too good to be true.
- Consider setting your account to private. If you aren’t trying to be an influencer whom everyone can see, and if you use Instagram more as a messaging platform to keep in touch with your close friends than as a way to tell the world about yourself, you may want to make your account private. Only your followers will be able to see your photos and videos. Review your list of followers regularly and kick off people you don’t recognise or don’t want following you anymore.