As Instagram reaches its 11th year, ESET, a global leader in cybersecurity, has compiled five common scams on Instagram, and shared tips on how users can stay safe from them. With over one billion monthly active users, Instagram is among the top four most popular social media networks in the world. Consequently, the large number of potential targets may also become a hotbed for cybercriminals to commit scams on the platform.
In Asia Pacific (APAC), India and Indonesia are amongst the top five countries globally with the highest number of Instagram users, with India having the largest audience size with 180 million users. With the number of Instagram users globally expected to reach almost 1.2 billion by 2023, prevention of online scams will become increasingly challenging. According to an ESET survey, 18% of internet users in APAC have experienced an online scam related to social media in 2020 (Hong Kong: 19%, India: 21%; Indonesia 16%; Malaysia: 20%; Singapore: 16%; Taiwan: 13%; Thailand: 19%) .
“Due to the pandemic, people are spending more time on social media networks such as Instagram to connect with friends and family. To navigate these platforms safely, it is extremely important for users to be aware of the ways cybercriminals are capitalising on unsuspecting users. By educating users of the possible cyberthreats on Instagram, we hope users will remain vigilant when using the platform,” said Sim Beng Hai, a cybersecurity expert at ESET.
Five common scams on Instagram:
Phishing is a type of scam to dupe victims out of their personal information and access credentials, and then proceed to use them in various illicit activities such as identity fraud or selling them on illegal marketplaces. Common strategies include evoking a sense of urgency by sending out fraudulent emails claiming that someone unauthorised may have logged into their account. The email usually includes a fake password reset link that, once clicked, will navigate you to a faux Instagram login page which will harvest their credentials and allow the scammers access to the account.
- Cloned accounts
By cloning the accounts of any Instagram user, cybercriminals will impersonate the people in the accounts they cloned and try to reach out to their friends and followers. Subsequently, they will claim that the legitimate account that they have cloned has been hacked, this is the new one and that “hackers” have cleaned out the account owner’s bank accounts, or claim that the account owners are in some other kind of monetary debt. Victims can end up being scammed out of their hard-earned money in the belief that they are helping out a beloved friend or relative.
- The verification badge scam
Verification badges are blue checkmarks next to an account’s name, which is a way for people to know that the notable accounts they are following or searching for are exactly who they say they are. Being verified basically also means the user has a large following and is influential to a certain extent within their community. This also opens up doors to various opportunities like monetising content through sponsorship deals with various brands that might offer them to showcase their products. And the desirability of that coveted badge is exactly what the fraudsters are betting on. Scammers may contact users, probably through a direct message offering to get them verified for a fee.
- Romance scams
These types of scams require the criminal to play the long game and earn their potential victims’ trust. This will usually involve a prolonged courtship, which will probably start with the attacker liking the victim’s posts, commenting on them, and eventually directly messaging them. Once the scammer believes they have the target enamoured, they will start asking for money to help them with a fake medical emergency or help them fund a flight so they can meet up.
- Questionable sellers
Instagram also allows brands to advertise their wares and even functions as a marketplace. Ads might be trying to sell high-quality products for rock-bottom prices and victims who pay money might not receive anything or receive a product of an inferior quality.
Tips to stay safe on Instagram:
- Always verify. If anything seems out of place, investigate it and if something looks too good to be true, it most probably is a scam. Also, be wary of unsolicited emails and messages.
- Watch out for telltale signs such as poor grammar, or the use of generic greetings instead of personalised ones in direct messages.
- When making purchases, perform a Google search, look for reviews about vendors and the products they offer and see if anything comes up. Victims of scams will quickly share their experiences on relevant review websites and online forums.