Many high-profile accounts on Instagram are being targeted by phishing and ransomware attacks. Sadly, there is evidence that many people are paying the attackers.
Hackers are gaining access to accounts via phishing scams: posing as personal representatives from well-known branding companies, they contact the victim with a proposal to start a partnership.
The scam works by sending the victim a link that is presented as the sender's own Instagram page, but this link is in fact a fraudulent login portal. Once it is clicked, the victim is asked to give their login details, which, of course, is what the cybercriminal wants.
The scammer then sends a message to the victim telling them that their account is being held ‘captive’ and won’t be released until they pay the demand, usually in bitcoins, or the account will be deleted. You can imagine that this is devastating to a high-profile business or online influencer that has cultivated many followers, built up over time.
Many victims pay the ransom demanded (usually a few hundred pounds) to stop their much-valued account being deleted. They could open a new account but would have to start again to build up all the followers.
Cruelly though, many victims had their accounts deleted even though they paid the ransom.
These types of scams can be avoided by using two-factor authentication. This is when you must not only log in with your password but also enter a code that is sent to you via email or by text to your phone; thus the hackers would have no way to get to the second authorisation code. This is something that should be set up by default on high-profile accounts.
Instagram does have this facility, but it is not set as default; users must manually set up this security measure themselves.
As we all know, it is a bit of a trial to use the two-factor authentication approach, as it takes up a bit more time, but it is well worth it in the end to protect your valued accounts.
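The fraudulent login link described above can often be spotted by looking at the hostname the link really points to, rather than the text it displays. The following Python check is an added example, not part of the original article; it goes beyond the article by covering common look-alike hostname forms, and the function name, the trusted-domain list and the sample links are assumptions constructed for illustration.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Assumption for this example: genuine Instagram pages live on instagram.com
# or one of its subdomains.
TRUSTED_DOMAINS = {"instagram.com"}


def check_login_link(url: str) -> tuple[bool, str]:
    """Return (trusted, reason) for a link that claims to be an Instagram page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no hostname in link"
    if has_userinfo:
        # Anything before '@' is a username, not the site being visited.
        return False, "text before '@' is not the site; real host is " + host
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "hostname uses non-ASCII look-alike characters"
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; a trusted name used as a prefix
        # of some other domain does not pass.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + host
    return False, "host " + host + " is not an Instagram domain"


# Constructed sample links (the .example names are reserved for documentation).
SAMPLE_LINKS = [
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com.brand-partners.example/login",
    "https://instagram.com@brand-partners.example/",
    "http://www.instagram.com/accounts/login/",
    "https://instagr\u0430m.com/accounts/login/",  # Cyrillic letter in the name
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_login_link(link)
        print(("OK      " if ok else "SUSPECT ") + link + "  (" + reason + ")")
```

A passing result only means the link points at the expected domain; typing the address yourself or using the official app remains the safer way to log in.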