Turkish hackers target popular Instagram profiles in a new phishing campaign
- Hackers are targeting those individuals who have more than 15,000 followers on Instagram.
- They get the victims’ account details through phishing and later hijack their profile.
A group of hackers from Turkey are targeting high-profile and popular Instagram users in a new phishing campaign. The victims that are part of this scam range from famous actors, singers to owners of startup companies like photoshoot equipment rentals.
How do they operate - As per Trend Micro, the hackers are targeting those individuals who have more than 15,000 followers on Instagram. They get the victims’ account details through phishing and later hijack their profile. Once the victims try to reach the hackers, they are threatened that their private photos and video will be leaked, if a ransom is not paid.
How do they deceive their targets - In order to trick the users into revealing their credentials, the hackers pretend to be from ‘Instagram Verify Team’. The bad actors ask them to fill up some specific questions in order to obtain a confirmation/certified badge. Once the users click the ‘Verify account’, they are redirected to a phishing site that asks for their personal data such as date of birth, email and credentials. Once hackers have access to the victims’ data, they use it to modify their Instagram profiles.
“After some time, the phishing page will be diverted to Instagram’s website. This is a common tactic in phishing. It’s likely that the victim would already be logged in with cookies, so the victim may just be diverted to his Instagram profile. Since we tested the phishing kit in a clean environment, we only got Instagram’s login page,” Trend Micro noted.
However, this is unknown to the users and are under the impression that they will a confirmation badge.
In some cases, the hackers changed the profile name to indicate that it was hacked. The email associated with the profile was also modified to make clear about their intention.
Why it matters - Given the huge popularity of social media platforms among a wide range of people, experts believe that such types of scam will continue to grow in the future. Hence, users should be cautious and should not share their personal details with any verification team as Instagram never asks for such information.