Anything popular with the public will always become a popular target for scammers and this is certainly true about Instagram. I have written many times in the last few years about various scams associated with Instagram. Today’s Scam of the day involves a way that scammers are hacking Instagram accounts, after which they either demand that you pay them a ransom to reclaim access to your account or use your account to spread malware. The scam starts when you receive a phony notice informing you that your account will be permanently deleted for copyright infringement. The notice appears to come from Instagram and has a convincing logo in the mail. The email address from which it is sent at first glance appears to be legitimate. The emailed notice generally gives you 24 hours to appeal the decision and provides a button entitled “review complaint” for you to click on. If you do click on it, it will take you to a official looking, but actually bogus Instagram page where you can click on a link marked “Appeal.” This is where things really start to get dangerous. It is there that you are instructed to type in your Instagram credentials, after which a message comes up indicating “We need to verify your feedback and check if your e-mail account matches the Instagram account” and you are directed to provide your email address and password for your email account for verification purposes. Victims of this scam end up not only enabling a cybercriminal to take over their Instagram account, but also their email account. In addition, people who use the same password for all of their online accounts are in further danger because they have turned over the password to all of their accounts including their online banking.
While the initial email address from contains the original notice of copyright infringement appears to be a legitimate, it is not. Read it and the address bar for the URL of any web page you may be directed to carefully. When providing information to Instagram, don’t use links in emails or notices, but rather use the official Instagram app. Never provide account information or login credentials for authentication purposes on any third party service or app. Another good rule to follow is to use dual factor authentication for your Instagram account, email account and any other online accounts you have so that even if your user name and password are compromised, you are still protected. Finally, make sure you have good security software on your cell phone, laptop and computer which can, in many cases, recognize and block phishing emails and phony websites such as used to perpetrate this scam, remembering, of course, that such security software is never 100% effective.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”