With the Internet and technological advances, we digitized our lifestyles, and so did cybercriminals to adapt to the new circumstances.
Over the past years, the rate of security incidents has been constantly growing. For the first 9 months of 2020, the number of reported security breaches increased by 51% compared to the 2019 results.
Sadly to admit, but often the human factor is the main reason for the success of a cybercrime. Weak passwords, unprotected sensitive information, giving out the data as a result of social engineering attacks, opening suspicious links and attachments from emails are just some common mistakes villains can turn against you.
That’s why it’s critical to raise security awareness and learn the rules of safe internet conduct through online courses on cybersecurity and checking the news to ensure the protection of your personal and financial data.
As we live in the age of social media our behavior there can influence the chances of becoming an easy target for cybercriminals. Instagram with nearly one billion users per month is one of the most popular social media, thus it opens the broadest horizons for scamming activity.
So here we go with the most common Instagram scams and how to avoid them:
Email spoofing is a forgery of the email headers to alter the email sender. In simple words, it’s sending emails from an address that look as if they were sent from legitimate users while in fact, they are sent by scammers.
Usually, email servers require entering the email address and passwords, but there exist open-relay servers that do not require any authentication, meaning one can send an email without logging in to it that makes it a paradise for spammers and other cons.
Gladly, the number of such emails are often rejected or go to spam, but still, it’s possible that an incoming spam filtration system lets them in and they come to users’ inbox.
What’s the scam?
These emails sent from addresses like firstname.lastname@example.org can contain information that you are hacked and need to confirm your identity by clicking a link, or informing you about suspicious activity, and include other content that seems like a service message.
The more convincing they seem, the higher the chances are of tricking recipients to perform actions that can expose their personal details or download malware to their devices. This technique is often used in combination with phishing scams.
Phishing is one of the most widely used social engineering tactics. Here crooks are using phone calls impersonating someone from the company’s staff (usually from either financial or risk and abuse department), fake websites that completely duplicate the functionality of the legitimate login page, or direct messages informing that users won some contest and need to register on a website to claim the reward.
Usually, these fake websites contain some spelling mistakes in a domain name like instagrramm.com or slightly different name that is similar to the brand like instagrammsupport.con.
What’s the scam?
Everything is obvious here. The main aim of phishing is to steal money or personal information by convincing a target to enter their username and password on a fake website, or to give out the credit card details during a phone call.
Fake Instagram brand pages
Creating fake Instagram brand profiles is another popular scam on Instagram. Sometimes, it may be hard to spot the fake, because such accounts regularly post new content, have many followers, likes and high page activity (like engagement in stories and the number of comments).
Another suspicious thing is store policies. Here we see freebies for comments and likes, unusually low prices and huge discounts for new collections.
What’s the scam?
There can be several strategies for fake pages: selling cheap brand replicas pretending them as originals to the customers, trick them by taking money for goods that will never be shipped, or first earn the community of active followers and then completely change the topic of the page to promote financial schemes, gambling or something similar.
Usually, official accounts have a verification sign near the profile name, like the one on the screenshot below, so watch out if you want to buy something from the account that claims to be official but does not have the blue checkmark.
Instagram Charity Frauds
Scammers thrive on our feelings of compassion and desire to help. That is why Instagram charity frauds are still popular. Usually, fake representatives from non-profit organizations reach out to influencers and offer them partnership.
In most cases, it’s about spreading a word about them in a series of posts or stories with the aim to attract a new audience asking them for voluntary donations or requesting to buy promo products promising to donate a certain sum from the revenue to support a good goal.
What’s the scam?
Usually, these are fake organizations hiding behind supporting a good thing starting from protecting human rights, anti-violence, and homeless people, to environmental initiatives. But in fact, once payments go through, they never send a product, or do not have proof that money was actually donated.
It may also happen that scammers speculate on the real organization or a person who needs help without their knowledge just making money for their own good while the reputation of the latter may suffer due to such scamming activities.
Instagram Giveaway Scams
Organizing an Instagram giveaway is a great strategy to promote a brand page. It boosts the brand exposure through users following the instructions like subscribing to all the sponsors, putting likes on several posts, and sharing personal contacts for winners to get notified after the randomized choice for 3 top prizes.
What’s the scam?
This scam is valid both for users who participate and for companies that want to become sponsors to receive some audience. The organizers just gather the details from users to get the down payments or products that should be given as rewards to winners from sponsors and either vanish or set up their own figurehead to “win” the main award.
Free Instagram likes and followers
Looking for ways on how to increase the audience and boost engagement, Instagram users often become victims of bots and automated accounts that promise free likes and followers. It seems to be an attractive offer especially taking into account the fact that you are not risking anything and get something for free.
What’s the scam?
Unfortunately, everything has its price and falls for free exposure. Usually, to earn free likes and followers you need to download some software, enter your login details, and here’s where the trick is.
Often, this software is a botnet that fed on its own and used the entered details for unauthorized account activity. Several years ago more than 100 000 users suffered from the free application InstLike that stole their account details to be used for spamming activity.
You can see the post comments and direct messages about the chance to earn a fortune starting from offering an easy job where you just pay a small donation to get access to the database of potential employers, or upfront fee for training material.
The financial pyramid is another financial scam where you make an investment, attract your family and friends to do the same to increase your status in the system. You just need to invest a bit and then easily double or triple the investments. And the bad thing is that many people fall into the trap, because who doesn’t like easy money?
What’s the scam?
These con artists are really inventive so their approaches vary from accounts of successful millionaires who want you to invest $100 to make $400 in 2 hours, and then pay a bit more for the transaction, and guess what? You never see your money again. They disappear once they receive what they need.
A similar is the option when someone pretends they want to make friends with you, letting your guards down by telling some personal stories, and then “revealing the secret of some easy way to make money”.
One more way to trick a user is informing them that they won some kind of a lottery asking to fill in the credit card details to receive the prize.
How to protect yourself from Instagram scams?
These are the most popular Instagram scams, but from time to time this list is expanded with new schemes on getting profit from innocent victims. Luckily, it’s possible to minimize the risk of these threats by following these simple yet effective rules:
- Make sure to set up strong hard-to-guess passwords containing special symbols, numbers, and letters of both registers and regularly update them.
- Enable 2 Factor-Authentication. It can be done using these instructions. To protect the account even more, make sure that 2FA is enabled also for the contact email address, as in case cons try to compromise it, you have double protection.
- Do not lure into getting free likes and followers, as apart from exposing your login details, the unusual spikes in traffic and activity on your account may detract potential sponsors as well as cause a temporary or permanent account block, as Instagram opposes buying activity and takes strict measures for violating this policy.
- Invest into a good antimalware and firewall solution, so even when you accidentally open some malicious link, it gets blocked.
- Do not download any third-party applications aimed at boosting account metrics that require your login details unless they are officially allowed by Instagram.
- Carefully check the sender address if you receive emails from Instagram that are different from the ordinary ones, google if someone already receives requests like yours, and do not click any links from there if something seems to be off.
- In case of a suspicious call or email, do not hesitate to ignore it and contact the support via official means to confirm the legitimacy of the request.
- Do not react to requests from people you do not know with offers to participate in some financial schemes.
- If you receive an attractive partnership request, do not forget to ask about previous partnerships for some proofs, references, check the company’s reliability, conduct google research, and communicate with people who already have experience working with this company.
- Never pay for claiming the reward in giveaways, lotteries and other contests and if you haven’t participated in such a thing, just block such requests.
- Report a suspicious post or account whenever you come across a scam so that Instagram can block it and protect its users.
- If you come across an unofficial brand page and want to buy something from them you may contact the official page to ask if they have any agreements with the mentioned account.
- If you receive a partnership request from a store that sells goods from famous brands, ask for documents or certificates that confirm the legitimacy.
- Non-profits usually have their own websites and terms of the partnership, so if you want to engage in similar activities with the organization, use official channels of communication to rest assured that you are dealing with real representatives who can confirm their charity activities.
Pro tip: When it comes to data leakages due to the security incidents for big companies, the obtained details may be used for social media hacking. There’s a database of the largest breaches created by Troy Hunt who acts as the web-security consultant and Microsoft MVP for Developer’s security https://haveibeenpwned.com/ that allows users to see if their accounts were compromised in one of them. When you enter your email it allows seeing if it was a part of data leakage. If the result is positive, you will see the message like this:
Protect yourself from Instagram scams
Instagram scams already tricked millions of users into giving out money and personal data and proceed doing so by combining old good methods on leveraging human weaknesses and the newest technologies. Instagram administration takes decisive steps to spot scammers through advanced methods. Machine learning algorithms spot suspicious activity before it gets obvious, and react to complaints on fraudulent accounts by blocking them and deleting fake pages.
Despite these measures and security improvements, there are still many inventive ways to trick the system. Whenever, there’s a human factor involved, hackers still thrive on our weaknesses as we are the easiest target for hacking.
Unfortunately, it’s not possible to protect your personal data once and for good by going through the security checklists because it’s an ongoing process that requires a regular audit, system updates, password change, and checking security news. However, combined with the abovementioned tips, you significantly reduce the chances of exposure.
Don’t fall into the trap of something that seems to be an overly easy win and stay alert!