contador web Skip to content

Instagram scam promises verified account but steals personal data | Social networks

Instagram users are facing a phishing scam that promises to give the verified account seal in exchange for social network credentials. The scam takes place through a website that simulates the Instagram verification stamp requirement page. By entering login and password, victim data fall into the hands of criminals. The fraudulent page was discovered by researcher Luke Leal and posted in an official blog post by Sucuri, a digital security company, last Wednesday (26).

READ: Instagram releases function in Brazil and new look in June

Instagram verified account Photo: Nicolly Vimercate / dnetcInstagram verified account Photo: Nicolly Vimercate / dnetc

Instagram verified account Photo: Nicolly Vimercate / dnetc

Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc

In an interview with Threat Post, researcher Luke Leal shared that he suspects that the verified account fraudulent form is being shared on Instagram via Direct messages. When accessing the suspicious domain, the page requires social network account credentials to apply for the blue seal. In addition, the fake site claims to need the email address and password of the email linked to the Instagram profile to confirm user information.

The purpose of the phishing scam is not only to steal account credentials on the social photo network, but also to prevent the victim from logging in to the profile again. That's why the fraudulent page asks for the email password: If Instagram detects a suspicious account access when the criminal enters the stolen data, he can prove its alleged veracity by accessing the victim's email.

Fraudulent domain promised to Instagram account seal but was used to steal data Foto: Reproduo / Mirella StivaniFraudulent domain promised to Instagram account seal but was used to steal data Foto: Reproduo / Mirella Stivani

Fraudulent domain promised to Instagram account seal but was used to steal data Foto: Reproduo / Mirella Stivani

If the criminal did not have the stolen account email data, Instagram would automatically lock the suspect out of profile, and allow only the real user to replay the account. Therefore, in possession of all credentials obtained through the fake website, hackers can invade accounts and permanently steal them.

The web page that spread the scam has been blocked, and from now on accessing the domain, the user is notified that this is a fraudulent address. It is important to know how to recognize fake websites. Simple tips, such as paying attention to the portal security protocol and URL, can help in user security.

How to have a verified Instagram account?

Requesting verification stamp Photo: Reproduction / Helito BeggioraRequesting verification stamp Photo: Reproduction / Helito Beggiora

Requesting verification stamp Photo: Reproduction / Helito Beggiora

The verified account request process on Instagram can only be accessed through the social photo network settings either through the iPhone (iOS) and Android app, or via the web version. To do this, simply go to Settings> Account> Request Verification.

The official Instagram form asks for a username, full name and a copy of an official photo ID, such as a driver's license or identity card. That is, the social network does not want confidential data, such as passwords, to provide the blue seal.

Also, Instagram never sends messages offering the verified account. If in doubt, contact the Help Center (help.instagram), and never click on unknown addresses.

Via Sucuri Blog and Threat Post

My Instagram does not appear the music function: what to do? Ask questions on the dnetc forum.

How to put music on Instagram Stories

How to put music on Instagram Stories