How Instagram accounts get hijacked

Tom Grant
Last updated: 13 October


(Post updated on August 29; Instagram has introduced applying for verification)

Contents
  • Hijack method No. 1: Fake verification
  • Hijack method No. 2: Plain old phishing
  • How to protect against Instagram hijacking

Instagram is not just the second most popular social network in the world. It’s also a means of income for numerous photo bloggers, models, and other Internet celebrities. Eye-catching accounts with many thousands of followers are of interest not only to fans, but also cybercriminals. If such an account is stolen, the consequences can be nasty. But how exactly do Instagram accounts get hijacked, and how can you avoid yours getting snared?

Hijack method No. 1: Fake verification

You’ve probably noticed a blue tick next to some Instagram accounts, a . Until very recently, these status symbols were worn by accounts belonging to celebrities, large companies, and popular bloggers. The sacred badge is especially important for accounts with large audiences because it adds prestige and distinguishes these accounts from fake ones. Getting hold of a badge wasn’t that easy: There was no application form or “badge store” — the social network decided for itself who to award them to.

However, Instagram recently changed its policy regarding verification, and now you can request verification from the app (to do that, go to Settings -> Request Verification) and get the badge if your account meets the necessary criteria.

This change was implemented quite recently — on August 28, 2018 — and many users don’t know exactly how to get the cherished blue tick. Scammers are, of course, exploiting that, creating sites that masquerade as Instagram help center pages and request details from Instagram users such as their username, password, e-mail address, full name, and date of birth — all for the promise of a badge.

Having entered this data, the unsuspecting user is told to wait 24 hours for a decision, and not to change their account settings during this period. The information goes straight to the attackers, while the user just sits and waits, unaware that their account is now compromised.

This method can also be used to get personal information belonging to the victim, which can help the cybercriminals bypass two-factor authentication processes. To do this, criminals display a message saying that the support service may contact the account owner to clarify their details. When the “support service” does make contact, it’s the scammers themselves asking for an SMS code or other security information. They might also send a fake support service message requesting information supposedly needed for verification, which they can use when dealing with the real support service behind the account owner’s back (the data requested might include, for example, a photo or other data that the genuine service might ask for).

Hijack method No. 2: Plain old phishing

Scammers are also continuing to use common phishing techniques to lure victims to a fake login or password reset page. For example, they might send a scary message saying that a user’s account has been hacked or that their login credentials need updating, or simply offer to “rate a photo”, which supposedly requires the user to log in to the social network.

Example of a phishing page mimicking an Instagram login

With more than a billion users worldwide, Instagram has long been a target of choice for all kinds of scammers. Having hijacked an account, they get access to the user’s personal information and messages. Not only that, the account can be used to spread spam, phishing, and malicious content. Quite often, on taking possession of an account, the attackers change the handle, profile photo, and e-mail address and phone number to which it is linked. That makes it nearly impossible for the true owner to restore access to their Instagram account.

How to protect against Instagram hijacking

As always, prevention is better than cure — especially if a cure is next to impossible. By observing these simple rules, you can stay safe:

  • Don’t click on suspicious links.
  • Always check the address bar for the URL of the Web page. If instead of Instagram.com it says something like 1stogram.com or instagram.security-settings.com, get out of there quick, and don’t even think about entering any personal data.
  • Use the official social network app from the official store — such as Google Play for Android, or App Store for iOS.
  • Don’t use account login credentials for authentication on third-party services and apps.
  • Use a reliable security solution that sifts out suspicious messages and blocks phishing pages. Kaspersky Internet Security can handle that task for you.
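
The address-bar check from the list above, written as a host comparison (an added example, not part of the original article). It shows why instagram.security-settings.com and 1stogram.com both fail even though they resemble the real name; the category names, the typo threshold and the URL paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "instagram.com"  # the genuine domain named in the article
MAX_TYPO_DISTANCE = 3              # assumption: tolerance for misspelled labels


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'other' based on the URL's host only."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Official only if the host IS the domain or a true subdomain of it.
    # The leading dot matters: "notinstagram.com" must not pass.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    brand = OFFICIAL_DOMAIN.split(".")[0]
    for label in host.split("."):
        # Brand name used inside someone else's domain
        # (instagram.security-settings.com), or a near-miss spelling (1stogram.com).
        if brand in label or edit_distance(label, brand) <= MAX_TYPO_DISTANCE:
            return "lookalike"
    return "other"


if __name__ == "__main__":
    for sample in (  # constructed URLs built from the article's host names
        "https://www.instagram.com/accounts/login/",
        "http://1stogram.com/",
        "https://instagram.security-settings.com/verify",
    ):
        print(f"{classify_url(sample):10} {sample}")
```

Only a result of "official" means the page is served from Instagram's own domain; the host is read right to left, so a brand name at the left end of a longer host name proves nothing.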

Lastly, check out our post on how to configure Instagram properly. It’s a must-read for Instagram users.


Source: kaspersky.com


TAGGED: Apple, Authentication, Google Play, Phishing, PoC, Security, Split tunneling, Threats
Tom Grant October 13, 2022 October 7, 2022