According to cybersecurity firm Kaspersky, hackers target Instagram users to take over their profile. After modifying the information needed for recovery, they demand ransom to give the personal data back or spread spam and other malicious content.
The antivirus company says there are official-looking e-mail notifications in circulation claiming “Your account will be permanently deleted for copyright infringement.” The fraudsters use the original Instagram header and logo and email addresses like [email protected] or [email protected]
The trap is a “Review complaint” button that takes users directly to the phishing page. After being accused of violating copyright laws, users are asked to verify their accounts or else they would be deleted within 24 hours, sometimes 48.
But getting access to your Instagram account is not enough; the hackers also want to get your email access data. After selecting an email provider and entering your account’s address and password, the following notification appears: “We will review your feedback”. Afterward, you will be redirected to the real Instagram website.
To avoid falling victim to scams like this, heed the following tips to protect your personal data:
- Ignore suspicious links.
- Check the address bar for the URL of a webpage. URLs like 1stogram.com or Instagram.security-settings.com indicate a scam.
- Use the official Instagram app from the App Store for iOS or Google Play for Android.
- Do not use third-party services and apps for login and authentication.
- Turn on two-factor authentication for Instagram and your e-mail account.
- Use a reliable security solution that filters suspicious messages and blocks phishing pages.