This post may contain affiliate links. If a product or service is purchased using a link(s) in the post below a small commission may be earned.
Last updated on July 5th, 2024 at 11:41 am
header image provided by Pexels
This morning I saw a very interesting post on Instagram. It seems there is a new phishing, hacking, or scam going around Instagram. I can’t really pinpoint which it is but It’s definitely the first two.
I was checking my account this morning and saw a post that someone shared in their stories. They shared that they had a suspected hacking attempt.
Granted not many of these account takeovers are new but when it happens to you it’s a bit scary.
I’m choosing not to share the Instagram account to protect the person’s privacy. But I will say the account is owned by a woman who focuses on beauty products.
It all starts with a DM
The account holder shared that she had been messaged by a random person. They asked if they had also been sent random messages from Instagram.
Let’s face it that’s confusing if you have a random person ask “Hey are you getting spam messages from Instagram too?” (I’m paraphrasing the wording by the way).
Of course, this would lead to some interaction because most people would ask what they meant.
That’s what most people would do.
So the interaction begins.
Then as the chat goes on the person may send a screenshot of the message they are receiving. This may not be odd at first but the chat takes a turn.
The DM sender then requests you to send them a screenshot of the spam Instagram messages you are getting.
Let’s think about this for a second
Why would the person need you to send a screenshot back?
Well, this could be a number of reasons:
- The DM sender could hope to capture some important account info such as a 2-factor authentication code for logins.
- They could try to duplicate the link that you may be sent to access your account.
The sender seems concerned
From the text that the account owner shared it seemed like the DM sender tried to seem concerned about the spam messages. They also added that the messages needed to be reported along with making sure no links were clicked.
Here’s the scary part
Even as cautious as the account holder was she shared a screenshot of the spam message she had been sent. Well, she immediately deleted it. Not long after that, she was locked out of her account.
She was also sent a 2-factor authentication notice from Instagram stating someone had tried to log into her account.
This resulted in her having to reset her password.
So in short somehow through this seemingly harmless interaction, the DM sender gained control of her account.
Is this affecting everyone?
I would say yes it might. The original poster who alerted me to this is using an Apple device but I assume it may strike android users as well.
what you can do to protect yourself
The best thing you can do in this case is don’t reply to random DM messages. You can also block the account if you don’t want to be bothered.
Always have 2 Factor Authentication activated on your account. Yes, it’s annoying but it may help in cases like these.
Have strong passwords. Try to make them a combination of letters numbers and symbols. Again I know this can be tough but there are programs you can use to create passwords.
Let’s get the word out about this new hacking/account takeover attempt.