“Nightmare” Social Engineering Scams Target Instagram Users

Photo Depicting Smartphone Social Media Use

A new wave of elaborate socially engineered impersonation scams is on the rise, and it threatens to compromise the livelihood of Instagram users.

Vancouver-based online newspaper Daily Hive recently reported on one such attack involving a local jewelry designer. A hacker used deception to gain access to her Instagram account and banked on her reputation to con others.

How the Scam Works

Social engineering scams on social media often rely on getting you to click on a link that will install malware on your device.

In the case of Vancouver-based jeweler Anita Sikma, she received a message from a friend asking for help to log back into her Instagram account. Sikma obliged, unaware that her friend’s account had been hacked.

Unlike most social media takeover attacks, Sikma didn’t have to click on any link. She simply forwarded a screenshot of a text she received from a five-digit number to the scammer posing as her friend. This was apparently enough to give the hacker access to her account.

Soon after, Sikma received an email from Instagram alerting her that someone in Toronto had just logged into her account. She attempted to alert Instagram about the unknown login, but the scammer quickly hijacked her accounts. They changed the contact details associated with her personal and business accounts.

Daily Hive sent a follow request to the scammer on Instagram, and they attempted to repeat the same scam, the report said.

Compromised Account Promotes Bitcoin Investment Scam

After robbing Sikma of her customer base and business portfolio, the scammer capitalized on her reputation to advertise bitcoin mining, posting images of a wallet balance and a luxury car.

The posts appear to be part of attempts to lure her followers into Bitcoin investment scams. They recommended third-party coaches who can supposedly help anyone make high yields from Bitcoin mining.

The scammers also impersonated Sikma to her clients, offering to sell a ring from her collection.

Daily Hive journalist Megan Devlin, who investigated and wrote about this story, tweeted a direct message the hacker sent to one of Sikma’s clients. “Hey man, can I give you a rough quote for the other pieces you were inquiring about,” it said.

Sikma told the online newspaper that she found it scary. “It’s creepy…just knowing this person is messaging everybody on my contacts list, just picking up conversations that were left off with clientele and impersonating me asking for money,” she said.

Daily Hive journalists could not get a response from the scammer, who shut down their accounts once they discovered their scheme was exposed.

Sikma Regained Access Thanks to a Meta Employee

Thankfully, an employee of Instagram’s parent company, Meta Platforms Inc., could help Sikma regain access to her account after Daily Hive contacted the company. Instagram has systems in place to prevent situations like this, however, much more needs to be done, a Meta spokesperson told Daily Hive.

There were no further comments from Meta about Instagram account takeover scams, or whether they would implement any additional measures to fight fraud, the report said. The spokesperson advised Instagram users to use strong passwords, enable two-factor authentication, and revoke access to unverified third-party apps.

Increase in Instagram Account Takeovers

Since October 2021, there has been a sharp rise in Instagram account takeover scams, according to the Identity Theft Resource Center (ITRC). The ITRC says the number of inquiries about hacked Instagram accounts has increased fourfold in recent months.

Meanwhile, the Canadian Anti-Fraud Centre (CAFC) has said it is aware of localized cases of Instagram scams, most of which involve Canadians falling for deceptive cryptocurrency ads.

In 2021, investment scams in Canada resulted in a total loss of $164 million, according to the CAFC. In the US, the Federal Trade Commission recorded 95,000 reported cases of social media scams in 2021, and $770 million in losses.

The average cost of a hacked Instagram account is about $45 on the dark web, while personally identifiable data (PII) such as Social Security numbers and email addresses (SSN) cost about $2.

To stay safe on social media, avoid clicking on any link that seems suspicious. This includes links that are sent to you by strangers, or even links from friends that have odd attributes. Be vigilant of scammers posing as friends or family to hack your account.

Check out this article to learn about the top scams on Instagram and how to avoid them.

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.