Instagram, new scam steals your account: how to protect yourself

For the past few days, influencers have been the target of a new scam attempt. Here's how it works and how to defend yourself

Are you an Instagrammer and already quite successful with a few thousand followers? Then you should be careful: you might become the ideal target for the latest scam that is running on Instagram. A scam that, if you take the bait, steals your profile and even access to your email address.

This is, in essence, a classic phishing email scam mechanism. But it's done well and many have already fallen for it. The experts at Kaspersky are sounding the alarm, having analyzed the new threat and provided some very simple advice on how to avoid losing your Instagram account.

How the Instagram account-stealing scam works

It all starts with an email from [email protected] (posing as Instagram's technical support). Embedded in the message is an image of your Instagram profile and a warning that you've violated copyright law and that, because of this, your profile will be deleted within 24 hours (48 hours in some versions of the email).

Tragedy, for an Instagrammer. But the scam message offers the solution: verify the account and "appeal" the ruling. Clicking on the link then sends you to a page where you enter your Instagram username and password. But it's not an Instagram page, so if you do that you're giving away your account to the hackers.

After giving away the account, you may also give away your email, because you're asked to complete the process by verifying your email address. Again, you have to enter (that is, hand over) your details. At the end of all this, when the hackers have stolen everything from you, you are sent to the home page of Instagram, the real one. To the unsuspecting user, this makes it look like everything done so far really was a procedure run by the social network.

How to defend yourself from the Instagram account scam

The golden rule to defend yourself from scams, this one included, is always the same: use caution and attention. If you get such an email, don't click on any links. Always check the address the email comes from and the URL of the link (just hover the mouse pointer over the link, without clicking). Never provide your Instagram login credentials (or those of any of your other online profiles) to apps or sites that are not well known, official and secure. Use two-factor authentication both on Instagram and for email. Use a good security suite to automatically filter out scam messages.
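
The sender and link checks described above can be automated. The following is an added example, not part of the original article or of Kaspersky's analysis: it reads a message, compares the sender's domain and the real target of every link (the href, not the visible text) against the official domain, and reports mismatches. The sample message, its .example host names and the rule that only instagram.com and its subdomains count as official are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = "instagram.com"  # assumption: only this domain and its subdomains are official
# Constructed sample; the sender and link host use reserved .example names.
SAMPLE = """\
From: Instagram Support <support@instagram-appeal.example>
Subject: Copyright violation: your account will be deleted in 24 hours
Content-Type: text/html; charset="utf-8"

<p>Verify your account to appeal the decision:</p>
<a href="https://instagram.com.appeal-form.example/login">https://www.instagram.com/appeal</a>
"""

def is_official(host):
    """True only for the official domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag; the visible link text is ignored."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def check_message(raw):
    """Return warnings for a non-official sender and non-official link targets."""
    msg = message_from_string(raw)
    warnings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_official(sender.rpartition("@")[2]):
        warnings.append("sender not official: " + sender)
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not is_official(host):
            warnings.append("link not official: " + str(host))
    return warnings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

In the sample, the link text shows an instagram.com address while the href points to a host that merely begins with "instagram.com", which is why the check compares the end of the host name rather than searching for the brand name anywhere in it.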