Clever new scam targets Instagram users

Photo (c) bigtunaonline - Getty Images

The more followers you have, the more likely you will be a target

Scammers are always looking for new schemes, and they have come up with a dangerous one that targets Instagram users.

The scam begins with an email warning that your Instagram account will be deleted within 24 hours because you have posted material that violates copyright laws. If you don’t have an Instagram account, you might immediately recognize it for what it is – a scam.

But millions of Americans do use Instagram and might be concerned if they get one of these messages. They may be aware that social media platforms have recently been under growing pressure to enforce copyright laws. 

Phony appeals process

Fortunately, the scammers have provided a convenient way to appeal the decision and prevent the deletion of the account.

“The email claims that you have just 24 hours (in some versions it’s 48 hours) to appeal and provide a ‘review complaint’ button,” according to the security experts at Kaspersky. “If you click it, you end up on a convincing phishing page, where fraudsters put an image saying they care very much about copyright protection and offer you a link to ‘Appeal.’”

The scammers are seeking your Instagram credentials so they can hijack the account. Kaspersky says they are targeting “influencers” with thousands of followers. Once they have control of the account, they can hold it for ransom and post all manner of spam.

The security firm highlights a number of red flags associated with this scam. First and foremost is the 24-hour deadline. The scammers want the victim to panic and react without thinking. This is a common feature of most scams.

The scammers also ask for your email login credentials when there is no reason to provide them. They also provide a long list of languages you can use, but the text remains in English regardless of the language you choose.

What to do

Kaspersky’s advice? Never click on suspicious links. Also, check the address bar for the URL of the Web page. 

“If instead of Instagram.com it says something like 1stogram.com or instagram.security-settings.com, get out of there quick, and don’t even think about entering any personal data,” the experts advise.

The experts also say to never enter account login credentials for authentication on third-party services and apps. Consumers can enable two-factor authentication in both Instagram and their e-mail account to help protect themselves.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.