‘This took a few hours to make’: Instagram scam offers users gift, then steals their account via linked website

The latest scam on Instagram involves a message that comes with a personalised link directing users to a separate website. — AFP

SINGAPORE: Some Instagram users have received messages supposedly from their followers that promise gifts that they can redeem by keying in their password in a separate login page that looks deceptively like an Instagram page.

But simply tapping on these links appears to be enough for hackers to gain access to users’ accounts – even without entering one’s password.

In cases seen by The Straits Times, users first receive a message from a follower with a compromised account claiming he has a gift for them. The message usually says: “This took a few hours to make. I hope you love it.”

The contents of these gifts are never specified.

The message comes with a personalised link directing them to a separate website that includes the receivers’ username, tricking them into believing the link was crafted especially for them.

Shortly after, swindlers gain access to the user’s account and use it to broadcast a similar scam message to other followers, who in turn may be deceived into thinking their friends are offering them a gift.

A similar line of Instagram scams was reported in overseas media, including British newspaper The Independent, which warned that the login page is a sham that allows hackers to enter users’ accounts.

It reported: “There (are) no gifts – and instead, that page will simply steal a user’s password, with affected people reporting that they are simply thrown onto an online gambling page at the end.”

Hackers will then have access to a user’s password, allowing them to send the same message to other users, The Independent wrote. It said that the first thing users should do is change their password.

Users should take caution before entering passwords on any website, it added.

Responding to queries from The Straits Times, a spokesman for Meta, which runs Instagram, urged users to pick strong, unique passwords and never share them with people they do not trust.

The spokesman added that users should turn on two-factor authentication in their settings for added security, but did not provide further details on the scam.

She pointed to an advisory under Meta that warns users not to trust messages that offer gifts, demand for money or threaten to delete their account, and to promptly report such cases to Instagram or Facebook, which Meta also operates. – The Straits Times (Singapore)/Asia News Network

Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Microsoft says UK regulator an 'outlier' for blocking Activision deal
U.S. Supreme Court declines to hear bid to sue Reddit over child porn
Exclusive - EU's Breton to discuss AI rules with OpenAI CEO in June
Canadian AI computing startup Tenstorrent and LG partner to build chips
Italy plans state-backed fund to promote AI startups
Stellantis will need one or two additional U.S. battery plants - Tavares
US agency closes investigation into Tesla game feature
EU's von der Leyen to meet OpenAI CEO Altman on Thursday
Nvidia hits $1 trillion in market value on booming AI demand
Computex highlights: ROG's Ally handheld, Acer's stereoscopic 3D displays, Spider-Man themed GPU

Others Also Read