Instagram Scams Fool Hundreds of Thousands

Personal info targeted in multiple Instagram scams: Internet Scambusters #585

Instagram scams are among the latest con tricks to hit social networking sites.

Crooks are targeting the 150 million users of the photo-sharing site with phony offers aimed at stealing their identities or their cash.

We have the details in this week’s issue, along with tips on how to avoid being scammed — not just on Instagram but on all social networks.

Let’s get started…


Instagram Scams Fool Hundreds of Thousands


It sounds hard to believe but an estimated 100,000 people have willingly given away their usernames and passwords in an Instagram scam.

Instagram is one of the big players in the latest craze for image-sharing social networking sites.

It’s owned by Facebook and has more than 150 million members, many of whom use it to legitimately share family, fun and friendship photos.

It’s also used legitimately by many celebrities and businesses to visually promote themselves.

Often, Instagram photos are cross-shared via other networks, like Facebook and Twitter.

And, just like most social networking sites, it relies on “likes” and other actions to spread connections, which makes it another ready-made target for scammers.

Internet security company Symantec reported two big Instagram scams towards the end of 2013.

In the first, an app that was available on most smartphones and other mobile devices promised to get users lots more followers.

In return, they had to provide their Instagram sign-on details, which, when you think about it, then gave the app maker the ability to log on to victims’ accounts and use them to fulfill its offer of following others — and do whatever else they wanted!

Remarkably, Symantec estimates that 100,000 people did just that, creating what the security firm called a “social botnet,” a network of accounts that the app operator controlled.

Symantec reported: “(U)sers actually opt(ed) in to having their Instagram account externally controlled for the purpose of auto-liking and auto-following others. When we tested the application, right away our Instagram account began liking pictures without any consent or interaction from us.”

But that’s not all. The app then started asking users to pay to get new members via a “virtual currency” — “coins” they could buy with real dollars.

Users were also offered free coins if they recommended the app to others.

It’s not known if the sign-on details the app maker obtained were used for any other sinister purpose, like trying them out on other accounts.

Action: The app has since been removed from online stores but if you were a victim, you should change your password.

You should never provide sign-on details to a third party, and always use different passwords for every account.

Another 100,000 Fooled

Just a few weeks after that incident, Symantec reported that another 100,000 Instagram users had fallen for a hoax in which they received a message saying a huge number of accounts were going to be randomly deleted.

Victims were asked to repost the picture announcing the supposed deletion, on their pages, in effect causing them to “follow” the hoaxer’s own account.

The account was subsequently deleted, with no real harm apparently done.

“However,” says Symantec, “the message is clear: social network users are constantly targeted by scams, spam and hoaxes and these campaigns succeed, which is why those responsible for them keep pursuing them.”

Action: If you’re an Instagram user and receive any warnings or other messages that purport to come from the site, check Instagram’s blog.

Better yet, follow the official Instagram account, where you will see all legitimate updates.

Yet More Scams

As if to echo Symantec’s warning, a number of other Instagram scams have been uncovered in the past few months.

Many of them are photos offering free air tickets or other gifts in return for taking actions like reposting, tagging, following, commenting and so on.

No need to go into the details of what each of these terms means here. If you’re a social networker, you’ll likely know.

But the effect is to direct more and more attention to the scammer’s posting, which often contains a link that leads to a page either laden with advertising or hosting malware that infects your PC.

According to the Internet tech news and intelligence site Mashable, other recent Instagram scams include:

* A claim by a scammer that he/she knew a trick that would add zeroes to a $2 Green Dot Moneypak card.

All you had to do was buy the card and tell the scammer the number, which, of course, he/she promptly spent!

* A student loan forgiveness hoax, which again requested victims to follow.

The scammers set up an account using the name of the official student loan organization known as Sallie Mae and claimed 150,000 students loans were to be canceled.

Students who fell for it were asked to provide personal information, which was then used for identity theft.

* A dieting scam using before and after photos purporting to show the same woman after she had followed the diet plan.

Mashable noted: “Weight loss scams are rampant on Instagram. The mobile photo app lends itself perfectly to this type of scam, because it’s easy to post oh-so-convincing before and after photos.”

The tech site said the supposed product did exist but, according to reviews, didn’t work at all.

Sadly, there are many more Instagram scams, some of them trying to convince victims they’re genuine by highlighting other scams.

How to Avoid the Scammers

What can you do to avoid being snared?

First, be wary of any site supposedly belonging to a company like an airline that specifically offers giveaways and nothing else.

As Mashable says: “Why would a company create a new profile just for promotions and have to build up a following all over again, when they already have a profile?”

If there’s only one picture posted on the account, that should immediately raise a red flag.

If the posting purports to be a competition, check if the rules and regulations are shown.

Watch out for links with shortened domain addresses. Crooks use these to hide their real Internet location.

See this Scambusters report for more on this trick, How to Spot and Stop a URL Shortener Scam.

Finally, of course, don’t give away personal information, including passwords and bank or credit card details, to someone you don’t know.

That applies to all social networking sites, no matter how tempting the offer. In fact, the more tempting, the more likely you’re being lined up for an Instagram scam.

That’s all for today — we’ll see you next week.