Ray-Ban glasses with a 90% discount: that is what a fake ad spreading on Instagram says. The post is made without authorization and takes users by surprise. The source may be a phishing scam, which steals passwords and uses them to publish posts, or malicious apps with access to the social network login. Did it happen to you? Understand the cause of the mysterious post and learn how to protect your profile.
Posts with a fake discount of up to 90% on Ray-Ban glasses are spread on Instagram Photo: Nicolly Vimercate / dnetc
The number of searches for the term "Ray-Ban Instagram" has been growing in Brazil since the beginning of May this year, as shown by the Google Trends report. Looking at searches around the world, the increase in interest in the topic goes back to the first days of April and remains high.
This type of attack, however, is not new on social networks, especially using the name of the sunglasses brand. Reports published on international news sites speak of similar scams on Facebook since 2012. Ray-Ban itself is not surprised by the repercussions of the supposed discount. According to the company, spam is frequent and the scheme is more elaborate than it seems.
Search for "Ray-Ban Instagram" increased in April 2018, according to Google Trends Photo: Reproduction / dnetc
In addition to these posts, there are online stores selling fake Ray-Ban products that only operate for 24 hours. The strategy does not allow time for the justice system to take down the store, the company spokesman said.
Why was my account hacked?
Based on user reports, the accounts that posted such a message had some vulnerability and were somehow hacked by cybercriminals. Why does it happen? Security analysts work with some assumptions. As Kaspersky Lab analyst Thiago Marques explains, this can happen through the use of passwords that can be easily broken, by phishing / malware attacks that aim to steal credentials, or also by malicious applications already installed on the victim's cell phone and already linked to the user's account, allowing the criminal's action.
To avoid falling for scams on the Internet in general, the tip is simple: be wary. Below-normal prices, payment terms that do not exist in other stores and outrageous discounts are baits used by criminals.
This is also Ray-Ban's recommendation: the main guideline is to be suspicious of very low prices, explains Werner Gropp, brand manager in Brazil. Many of these sites and stores with fake products advertise promotions with 70%, 80% discount and this type of offer simply does not exist with original products. The manager points out that, if the consumer is in doubt, it is worth taking a look at the values suggested on the official website of the brand or even calling the customer service, which will find out if the offer that appears on Instagram is from an official point of sale.
Instagram shows a message about apps connected to the account Photo: Reproduction / dnetc
The tip is also useful to avoid phishing scams, already identified as one of the causes of the recent wave of spam. These attacks use the social engineering technique: a bait sent with a link via email, WhatsApp or, in this case, Instagram and Facebook. Anyone who sees the super-promotion is immediately interested, clicks and gives up personal information, for example by logging into the social network on a fake page. This way the criminal steals user data and uses the password to post the offer with more links and deceive more people.
The head of ESET's Research Lab in Latin America, Camilo Gutierrez, explains: "As these messages are widely shared, campaigns go viral. Many users also often share the messages without taking the precaution of verifying their origin, just because they are interesting, and at that point they win out and reach millions of users in a short time."
Instagram also attributes the posts to phishing attacks. Questioned by dnetc, the social network highlighted its concern for the safety of users, but did not confirm whether there is a specific investigation into the Ray-Ban case.
"The safety of the Instagram community is our priority. One or more individuals gained access to Instagram accounts using phishing practices and used them to post content considered spam. We are taking steps to combat and prevent this type of practice. We encourage people to be alert about the security of their accounts, not accepting suspicious requests, clicking on links or opening dubious messages," says the official Instagram statement.
Fake post about Ray-Ban on Instagram takes users by surprise Photo: Reproduction / dnetc
When consulted by dnetc, Brazilian users whose profiles were used for the fake Ray-Ban advertising assured that they had not clicked on suspicious links recently. But they have something in common on their phones: third-party apps for managing Instagram. This is the second hypothesis of digital security experts.
"The messages are propagated through compromised social network accounts, which attackers are often able to control using apps or add-ons associated with the social network profile and to which the user grants permission, without being aware of the accesses he is providing," explains Gutierrez.
In this case, to protect yourself, it is important to review the applications that have access to both Instagram and Facebook accounts, as they work in an integrated manner. This tutorial teaches how to remove applications from Facebook and here you can learn how to change the permissions of apps connected to Instagram.
Those who have not clicked on suspicious links and have no apps associated with Instagram may be in another group of easy prey: those who use passwords that are simple to discover. This group is quite large: "qwerty" and "123456" are the most used passwords among the more than 61 million analyzed by the Virginia Tech Department of Computer Science and Dashlane Analysis. The survey was released in May this year.
Click the "x" to remove an application on Facebook Photo: Reproduction / Nicolly Vimercate
To avoid having your account hacked, it is therefore important to ensure a strong password. "Always use a secure password, which has uppercase and lowercase letters, numbers and special characters, and has no direct relationship with you (such as birthdays and anniversaries). This makes brute-force attacks, which are normally used by attackers, very difficult," advises Thiago Marques, from Kaspersky.
My account has already been hacked: what to do?
Instagram may notify the user of a suspected attempt to access the account Photo: Reproduction / Instagram
Anyone who was one of the victims and received several notices from friends that a suspicious image had been published on their profile must follow some guidelines to strengthen the security of the Instagram account.
The first is to change the password immediately, giving preference to complex combinations. Then, the user must activate two-step authentication, both on Instagram and Facebook, thus receiving a notification on the mobile phone when the account is accessed.
Removing suspicious apps that are allowed to connect with the Facebook and Instagram accounts is also recommended, since that is how malicious apps usually make improper posts on the profile.
If doubts remain, it is also worth reviewing previous activities. On Facebook, for example, you can see everything that has been posted and liked to identify if something suspicious has happened. Instagram, in turn, allows you to see all logins made in the profile, accompanied by date and time.
Finally, there is the common-sense tip. The Internet is full of scams, and whoever believes in the tale of the Ray-Ban super offer at 10% of the price, of easily gaining followers, or of any other promotion has a great chance of falling for one.
* Anna Kellen Bull collaborated