A new study has shown that cybercriminals are increasingly hijacking the Instagram accounts of popular users, and then blackmailing them, in order to return their accounts. Unfortunately, this is not surprising, because hacking Instagram accounts is a popular sport among cybercriminals, and as time goes on, they get better and better, finding new, creative ways to access other people’s accounts.
Influencers are increasingly targeted because they can easily fall into the trap of false sponsorship, where criminals present themselves as employees of a well-known brand, offering them enormous sums of money for advertising. If they succeed, the influencers are in trouble, because they have to pay large amounts of money to criminals, to get their accounts, or to other hackers, to try to get them back.
Campaign attacks Instagram accounts
Cyber security firm SecureWorks has noticed an entire campaign of attacks on Instagram accounts. The scheme used by hackers mainly targets corporate Instagram accounts and influencers who have a large number of followers, as these are groups to whom accounts are important and who are often willing to pay enormous sums of money to access their accounts.
Criminals most often use good old phishing methods to lure their potential victims and get the information to access their accounts. The scam usually starts when hackers send a notification to a user that is made to look like it is being sent by Instagram. The notice then states that the photo on the account infringes a copyright and that their account is about to be canceled.
The user is offered the option to fill out a complaint form, which is on the link leading to the information collection site. The site is designed to look like an Instagram login page, and if a user catches (phishing) and types in their username and password, criminals can use that information to appropriate accounts. See what it looks like in the image gallery below.
When you type in the code – it’s all over
After gaining access to the account, hackers change the password and username and write in the part for the user’s biography that the account has been appropriated, and that it can be sold back to its user. In addition to all this, there is usually a WhatsApp domain and a number that can be called or sent a message, in order to possibly negotiate with criminals about money.
Hackers are also known to directly contact account holders via the phone number listed in the account information. This is a rather brutal method of stealing an account, and no one wants to receive a message from an unknown number from the person who stole your account and who asks you to pay to get it back.
The hackers behind this campaign are most likely located in Turkey and are known as “pharabenfarway”, and they have been using this tactic since August 2021, when information appeared in the public that hackers were asking for $40,000 for a popular Instagram account.
Apart from common sense logic, there do not seem to be many ways to combat such threats. Suspicious messages, sites that lead to other sites that ask you to log in can always be problematic. To activate two-factor authentication wherever you can and be careful, especially with strange requests and warnings that ask you for login information at any time.