‘This took a few hours to make’: Instagram scam offers users gift, then steals their account via linked website

The latest scam on Instagram involves a message that comes with a personalised link directing users to a separate website. — AFP

SINGAPORE: Some Instagram users have received messages supposedly from their followers that promise gifts that they can redeem by keying in their password in a separate login page that looks deceptively like an Instagram page.

But simply tapping on these links appears to be enough for hackers to gain access to users’ accounts – even without entering one’s password.

In cases seen by The Straits Times, users first receive a message from a follower with a compromised account claiming he has a gift for them. The message usually says: “This took a few hours to make. I hope you love it.”

The contents of these gifts are never specified.

The message comes with a personalised link directing them to a separate website that includes the receivers’ username, tricking them into believing the link was crafted especially for them.

Shortly after, swindlers gain access to the user’s account and use it to broadcast a similar scam message to other followers, who in turn may be deceived into thinking their friends are offering them a gift.

A similar line of Instagram scams was reported in overseas media, including British newspaper The Independent, which warned that the login page is a sham that allows hackers to enter users’ accounts.

It reported: “There (are) no gifts – and instead, that page will simply steal a user’s password, with affected people reporting that they are simply thrown onto an online gambling page at the end.”

Hackers will then have access to a user’s password, allowing them to send the same message to other users, The Independent wrote. It said that the first thing users should do is change their password.

Users should take caution before entering passwords on any website, it added.

Responding to queries from The Straits Times, a spokesman for Meta, which runs Instagram, urged users to pick strong, unique passwords and never share them with people they do not trust.

The spokesman added that users should turn on two-factor authentication in their settings for added security, but did not provide further details on the scam.

She pointed to an advisory under Meta that warns users not to trust messages that offer gifts, demand for money or threaten to delete their account, and to promptly report such cases to Instagram or Facebook, which Meta also operates. – The Straits Times (Singapore)/Asia News Network

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Musk's move to close Twitter deal leaves Tesla investors worried
Italy's De Nora teams up with GES on hydrogen battery project
Elon Musk, Twitter have yet to reach deal to end court battle -sources
As EV sales grow, battle over U.S. road weight limits heats up
Spotify acquires firm that detects harmful content
Lawmakers press U.S. Commerce for tougher checks on semiconductor chip subsidies
MENA emerges as world's fastest-growing crypto adopter -study
Dad of two dies after GPS directs him to washed-away bridge, North Carolina family says
Video game maker CD Projekt rises after strategy update, share buyback
Apple will be forced to use new charger after EU votes for USB-C

Others Also Read