There a new Instagram scam that can trick you to giving up your password and getting your account hacked.
Social media giants including Instagram have been taking several steps to safeguard the platform from scam but just like them, scammers and hackers are also devising new ways to scam and hack accounts of the unsuspecting public.
Instagram, a popular photo-sharing service owned by Facebook is one of the platforms where a scam has been making rounds and Sophos, a computer security firm has warned users against it. Sophos claims that hackers are this time spreading a scam that falsely tells users that they are violating the Instagram copyright laws.
As an active Instagram user or have a verified profile, you don’t want to see a copyright infringement email or a message coming from Instagram that may permanently or temporarily deactivate your account. Now this tempts the users to click on the click in the mail, which leads to them becoming a part of the scam.
The website shared a screen shot showing the false message of copyright infringement comes with an ‘Instagram’ logo on top followed by a text message saying ‘We’ve detected contents in your account that will violate copyright laws. Your account will be deactivated within 48 hours unless you provide feedback. As Instagram, we respect copyrights and take care to
protect copyrights.’ This message is followed by a button that says ‘Appeal’.
To make it look more legit, the message in the browser shows the URL starting with https://instagram.copyrightinfringementappeal… However, as explained by Sophos, if you get the right to use a domain such as example.com, you can also create subdomains such as www.example.com, anytext.youlike.example.com or even instagram.copyrightinfringementappeal.example.com And since the URL is so long, it doesn’t show the full link on the address bar of the phone. Because the user just sees nothing more than “https://instagram.copyrightinfringement…” he/she believes it to be a legit message from Instagram.
Once you click, the next web page asks to give your username, birth date and the password to make sure it’s you. These boxes will now give hackers the information as you feed it. Once you feed the information, the page shows a ‘bogus’ web page showing the loading animation followed by a green tick with a message ‘Your copyright objection notice has been submitted. You will be contacted by email after 24 hours.’ After this, the users will be navigated to the real Instagram login page.
How does the real Instagram remove the content?
When Instagram wants to notify you that a content you shared has been removed, users get a notification from Instagram featuring the name and the email address of the person who reported the post. If users think the content shouldn’t be removed, they can follow up with them to resolve the issue.
One can also tap on the URL and see the entire link to check if its a legit link or not. Users can also check the email sender’s address before clicking the link to be sure it is indeed and Instagram link.