Back in the day, social media platforms were shaped organically by their communities. Nowadays, they also serve as a marketing tool with sophisticated strategies for approaching customers and selling them products. Instagram is used by brands and influencers at all times. And this fact sets the ground for scammers to take advantage of Instagram users.
There are a lot of well-known ongoing scams on Instagram, including phishing attempts, fake investment offers, fake giveaways, nonexistent job offers, and many others. In this blog post, we want to focus on phishing attempts, where attackers create fake accounts impersonating influencers or brands.
Impersonating Instagram Influencers
According to our research, the most impersonated accounts are finance influencers. The reasons are apparent – their followers are interested in quick money gains and often have money ready to invest.
Knowing this, we set up an Instagram account and followed several accounts related to finance. After a couple of minutes, we received a message from our target.
The scammer impersonated US-based influencer Marko Zlatic, who goes by “WhiteBoard Finance.”
After some initial messages, the scammer offered us access to their investment platform, where we could “earn up to $6800 in just five working days” with just a $500 first payment, and we decided to go for it.
Who wouldn’t accept such an opportunity? Afterward, the attacker asked us to send him our WhatsApp number so that he could further educate us about bitcoin. The conversation continued on WhatsApp, where a US phone number contacted us.
On WhatsApp, he offered us a “too good to be true” investment plan. We could invest up to $10,000 and earn $100,000 for just a 15% commission fee. To process this further, he instructed us to buy bitcoins.
When we convinced him that we had bought bitcoins, he wanted us to send the funds to him via his suspicious site. At this step, we decided to stop following his instructions because, if we had transferred our funds, he would have stopped communicating with us and moved on to another victim.
We have definitely seen far more convincing phishing attempts. There’s every likelihood that most people wouldn’t fall for this one. Anyway, we asked our scammer to share a screenshot of his bitcoin wallet to confirm his funds. A man who offers to help you earn thousands of dollars should have a purse full of money.
Naturally, it can be argued that the screenshot was fake. But right when it was apparently taken (Nov 26, 11:44 AM), the bitcoin price reported by CoinMarketCap was identical to the one on the screenshot. If it’s true, how did the attackers get it? Probably by scamming people.
Impersonating Instagram Brands - Giveaway scam
The second type of scam on Instagram is more straightforward. It requires less interaction with the victim, and if the attempt succeeds, the attacker gets the victim’s credit card information.
An attacker sets up a fake profile of the targeted company or brand by slightly changing its name. For example, “theposmanknocks” vs. “thepostmanknocks.” According to our research, the scammers monitor the followers of the original Instagram account, and a while after a victim starts following the original account, he or she will receive a message from a fake account saying that they were selected to win free products.
After clicking on the link, the victim is redirected to a phony-looking website that requires him or her to register and enter his or her credit card information. However, they are not signing up for the giveaway. They are only handing over their credit card details to the attacker.
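A brand or security team can screen handles that message or tag its followers for near-copies of the official name, such as the “theposmanknocks” example above. The following sketch is an added example, not code from the original post or from Whalebone; the function names, the look-alike character table and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Fold characters that are commonly swapped or inserted in copycat handles.
# Constructed table, not exhaustive: digits that resemble letters, plus the
# separators Instagram allows in usernames.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": "", ".": ""})


def normalize(handle: str) -> str:
    """Lower-case the handle, drop a leading @ and fold look-alike characters."""
    return handle.lower().lstrip("@").translate(FOLD)


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "so" typed in place of "os".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(candidate: str, official: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for an observed handle."""
    if candidate.lower().lstrip("@") == official.lower():
        return "official"
    distance = edit_distance(normalize(candidate), normalize(official))
    return "lookalike" if distance <= max_distance else "unrelated"


if __name__ == "__main__":
    official = "thepostmanknocks"  # genuine handle named in the post
    # The first handle is the post's example; the rest are constructed samples.
    for handle in ["theposmanknocks", "thepostmanknocks", "the.postman.knocks_",
                   "thep0stmanknocks", "thepsotmanknocks", "whiteboardfinance"]:
        print(f"{handle:22} {classify(handle, official)}")
```

Handles flagged as lookalikes still need a manual check before being reported, since short brand names produce more coincidental matches at the same threshold.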
Attackers won’t stop phishing people. It is still their most popular technique because it targets the weakest link in a chain – people. You can educate your users to recognize phishing, but you will never achieve 100% protection. However, Whalebone can help you protect your customers by providing them with zero-disruption security that will prevent them from accessing malicious websites.