By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    A Malware Classification -Kaspersky Daily
    8 months ago
    Superfish: adware preinstalled on Lenovo laptops
    8 months ago
    Russian-speaking cyber spies from Turla APT group exploit satellites
    8 months ago
    Latest News
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
    3 days ago
    Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
    4 days ago
    W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin
    6 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023)
    1 week ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Surface Pro released and the 128 GB version already sold out at the online Microsoft Store [Updated]
    8 months ago
    Windows 11 build 22622.590 (KB5017846) outs in the Beta Channel
    8 months ago
    How to protect computer from virus and hackers on Windows 11
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    3 months ago
    Now you can speed up any video in your browser
    3 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    4 months ago
  • How To
    How ToShow More
    Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
    1 day ago
    NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
    1 day ago
    How Oxy uses hooks for maximum extensibility
    How Oxy uses hooks for maximum extensibility
    2 days ago
    The personal threat landscape: securing yourself smartly
    2 days ago
    Announcing new Windows 11 innovation, with features for secure, efficient IT management and intuitive user experience
    5 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Two types of free gifts Vkontakte
    7 months ago
    YoptaScript
    7 months ago
    iPhone 11 update breaks AirDrop
    7 months ago
    Latest News
    How to enable new header UI for File Explorer on Windows 11
    4 days ago
    How to enable free VPN on Microsoft Edge
    6 days ago
    How to use Ventoy to create bootable USB of Windows 11, 10
    6 days ago
    How to fix internal drive detected as removable storage bug on Windows 11
    7 days ago
  • Glossary
  • My Bookmarks
Reading: How Instagram accounts get hijacked
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
Threats

How Instagram accounts get hijacked

Tom Grant
Last updated: 13 October
Tom Grant 8 months ago
Share
6 Min Read


(Post updated on August 29; Instagram has introduced applying for verification)

Contents
Hijack method No. 1: Fake verificationHijack method No. 2: Plain old phishingHow to protect against Instagram hijacking

Instagram is not just the second most popular social network in the world. It’s also a means of income for numerous photo bloggers, models, and other Internet celebrities. Eye-catching accounts with many thousands of followers are of interest not only to fans, but also cybercriminals. If such an account is stolen, the consequences can be nasty. But how exactly do Instagram accounts get hijacked, and how can you avoid yours getting snared?

Hijack method No. 1: Fake verification

You’ve probably noticed a blue tick next to some Instagram accounts, a . Until very recently, these status symbols were worn by accounts belonging to celebrities, large companies, and popular bloggers. The sacred badge is especially important for accounts with large audiences because it adds prestige and distinguishes these accounts from fake ones. Getting hold of a badge wasn’t that easy: There was no application form or “badge store”— the social network decided for itself who to award them to.

However, Instagram recently changed its policy regarding verification, and now you can request verification from the app (to do that, go to Settings -> Request Verification) and get the badge if your account meets the necessary criteria.

This change was implemented quite recently — on August 28, 2018 — and many users don’t know exactly how to get the cherished blue tick. Scammers are, of course, exploiting that, creating sites that masquerade as Instagram help center pages and request details from Instagram users such as their username, password, e-mail address, full name, and date of birth — all for the promise of a badge.

Having entered this data, the unsuspecting user is told to wait 24 hours for a decision, and not to change their account settings during this period. The information goes straight to the attackers, while the user just sits and waits, unaware that their account is now compromised.

This method can also be used to get personal information belonging to the victim, which can help the cybercriminals bypass two-factor authentication processes. To do this, criminals display a message saying that the support service may contact the account owner to clarify their details. When the “support service” does make contact, it’s the scammers themselves asking for an SMS code or other security information. They might also send a fake support service message requesting information supposedly needed for verification, which they can use when dealing with the real support service behind the account owner’s back (the data requested might include, for example, a photo or other data that the genuine service might ask for).

Hijack method No. 2: Plain old phishing

Scammers are also continuing to use common phishing techniques to lure victims to a fake login or password reset page. For example, they might send a scary message saying that a user’s account has been hacked or that their login credentials need updating, or simply offer to “rate a photo” which supposedly requires the user to login to the social network.Example of a phishing page mimicking an Instagram login

Example of a phishing page mimicking an Instagram login

With more than a billion users worldwide, Instagram has long been a target of choice for all kinds of scammers. Having hijacked an account, they get access to the user’s personal information and messages. Not only that, the account can be used to spread spam, phishing, and malicious content. Quite often, on taking possession of an account, the attackers change the handle, profile photo, and e-mail address and phone number to which it is linked. That makes it nearly impossible for the true owner to restore access to their Instagram account.

How to protect against Instagram hijacking

As always, prevention is better than cure — especially if a cure is next to impossible. By observing these simple rules, you can stay safe:

  • Don’t click on suspicious links.
  • Always check the address bar for the URL of the Web page. If instead of Instagram.com it says something like 1stogram.com or instagram.security-settings.com, get out of there quick, and don’t even think about entering any personal data.
  • Use the official social network app from the official store — such as Google Play for Android, or App Store for iOS.
  • Don’t use account login credentials for authentication on third-party services and apps.
  • Use a reliable security solution that sifts out suspicious messages and blocks phishing pages. Kaspersky Internet Security can handle that task for you.

Lastly, check out our post on how to configure Instagram properly. It’s a must-read for Instagram users.


Source: kaspersky.com

Translate this article

TAGGED: Apple, Authentication, Google Play, Phishing, PoC, Security, Split tunneling, Threats
Tom Grant October 13, 2022 October 7, 2022
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
Windows 1 day ago
NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
Windows 1 day ago
How Oxy uses hooks for maximum extensibility
How Oxy uses hooks for maximum extensibility
Apps 2 days ago
The personal threat landscape: securing yourself smartly
How To 2 days ago
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
Wordpress Threats 3 days ago

Recent Posts

  • Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
  • NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
  • How Oxy uses hooks for maximum extensibility
  • The personal threat landscape: securing yourself smartly
  • Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)

You Might Also Like

Windows

Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16

1 day ago
How Oxy uses hooks for maximum extensibility
Apps

How Oxy uses hooks for maximum extensibility

2 days ago
How To

The personal threat landscape: securing yourself smartly

2 days ago
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
Wordpress Threats

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)

3 days ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

How to enable new header UI for File Explorer on Windows 11
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
Announcing new Windows 11 innovation, with features for secure, efficient IT management and intuitive user experience
How to enable free VPN on Microsoft Edge
How to use Ventoy to create bootable USB of Windows 11, 10
Announcing Cohort #2 of the Workers Launchpad
Previous Next
Hot News
Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
How Oxy uses hooks for maximum extensibility
The personal threat landscape: securing yourself smartly
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?