Phishing Attack on Instagram with Fake Photo Link, IT Security News, ET CISO
People receive leading messages on social media platform with spurious links, which when clicked lead to hacking of account.
Bengaluru police have asked people to be on the alert as another phishing attack spree has been launched on the social media platform Instagram.
In the latest scam, people are receiving texts on Instagram with a link and a question that says, “is this your photo?”
Curious to know if it’s their photo, many people click on the link.
When you click on the link, it leads you to another webpage which looks very similar to Instagram login page. Police said that convinced by the looks of the website and curious to know if someone else is posting their photos, people are putting their credentials on the fake website.
After they put their ID password, their account is getting hacked. Cyber security experts say that people used to get duped back even when the internet was not accessible to everyone and the same holds true for today as well.
In the last decade, the penetration of technology in the households was limited and access to mobile devices and home computers was not common. The systems at that time were quite hackable and the need to scam people was not necessary.
But today these multi-billion-dollar companies have made the security of these devices resilient to a level that for an average cyber criminal, it is excruciatingly tough to hack into these systems which has made these cyber criminals turn to different methods of gaining unauthorized access to peoples’ devices, for example, phishing, the expert said.
“Though companies and governments have taken steps towards creating awareness about common phishing campaigns and how to protect oneself, these cyber criminals have to prove time and again that the problem still remains — humans can be easily duped,” said the cyber security expert.
He added that some simple steps can be taken in order to mitigate such issues, like always be cautious with unexpected emails or messages. For example, you may receive an email stating, “Your Instagram account password has expired. Please change your password to maintain access to your account.” Upon clicking the link, you’re redirected to a website that requests your username and password. Without realizing it, you’ve been hacked.
These scams often leverage the resemblance to the original website. However, you can often differentiate between legitimate and fraudulent emails/websites by checking the email address and domain name respectively. For instance, if the legitimate email address is @instagram.com, the phishing email might have a variation like @instagraam.com, indicating its fraudulent nature.
Also, always make sure in case you receive a WhatsApp message from a bank asking you to take some action, make sure the account is verified (green tick).
“Make sure to never trust anyone unknown and if you have to take any action about which you are confused, it’s better to consult someone or look up the entity online. Lastly we need to understand the fact that in this age of information and technology, the devices and systems we use daily have become so advanced that it makes us the only weak link in this system, so we should keep ourselves updated about these phishing scams that happen every now and then along with creating awareness about them as well,” he added.