Authorities are warning social media users about a new phishing scam on the popular image-centered site Instagram. The criminals initiate the scheme by contacting their victims via email, posing as Instagram support, and claiming the user has violated copyright laws.
Read on to find out more about this insidious new scam, how you can spot it, and what to do to keep the criminals from stealing your personal information.
A frightening, strongly-worded email is the center of this underhanded scheme. Criminals email Instagram users claiming that users have violated the terms of service by posting copyrighted material on their accounts. The email encourages users to dispute this by following a link within the email, which will take them to a copyright claims page within Instagram’s site.
Here’s the trick: this email isn’t real, and the link takes you to a false site. The site looks convincing. It’s got the Instagram logo at the top, and the form fields look similar to the real thing. But if you put in your username and password, you’re not logging into your account. You’re actually handing your credentials to scammers.
Scammers love to steal established social media accounts. This allows them to reach a wide audience of trusting users. They can use their new fake account to advertise shady businesses, expand their reach, or just run further scams. Often, these fake accounts are ideal for romance scams, allowing the criminals to defraud other users without any risk of having the activity traced back to them.
Always examine the source of a new email in your inbox. If you don’t recognize the sender, don’t open it. Instagram could email you about an account issue, but it will send the message from its official support account, not from a bizarrely-named burner address.
Likewise, you should avoid ever following links within emails. This goes double for emails you get from unknown users. If you get a message that instructs you to visit a website to remedy something, just navigate to the site through your browser and log in from the official page. This helps you sidestep any potential phishing attacks by simply leaving emails alone.
Never panic. Scammers want you to freak out so you make bad decisions. Calm down, call the company’s support number, and consult with people who know what they’re talking about. Cooler heads always prevail, so never let a scary-sounding email trick you into giving up your confidential login information.