Scammers are using compromised Instagram accounts to phish for login credentials and earn money through survey scams.
Instagram users posting photos with popular hashtags like #throwbackthursday are being targeted by scammers offering free Instagram followers. These scammers are using the offer to phish for Instagram login credentials and to drive users to survey scams.
The scam accounts are leaving comments on pictures found through popular hashtags like #throwbackthursday with links to an assortment of accounts advertising free followers.
These accounts have not posted any photos of their own and simply contain a short bio directing users to a link to get free likes and follows. They all follow the same naming convention:
The numbers climb all the way up to 343. It’s unclear if the scammers registered nearly 350 accounts or if those numbers are randomly generated. During our investigation, Symantec found over 40 active free follower accounts.
Phishing for Instagram accounts
If the user clicks through on the links found on these free follower accounts, they are redirected to a site that looks just like a real Instagram login page. However, it’s not the legitimate Instagram login page and is hosted on another site.
It seems likely that the scammers are capturing these Instagram login credentials in order to leverage more compromised accounts to drive traffic to their free follower accounts.
While most of the links Symantec found on these free follower accounts lead to phishing sites, some lead to a website offering free Instagram followers and likes. Ultimately, users are directed to a survey scam which is backed by an affiliate program.
This particular site, called “Followers Now,” asks for a username and the number of likes and followers the end user wants. It presents a fake console designed to trick the user into thinking that the website is legitimate and can deliver followers and likes to them. Before it does this, it prompts the user for human verification.
Human verification is a common theme used in survey scams. Scammers use this as a way to convince the user that they need to perform an action, in this case filling out a survey or installing an application on their phone, before they can receive their prize, gated content, or free likes and followers. As you might expect, even if the user completes the survey, they never end up getting what they asked for.
When it comes to social media, nothing is ever truly free. Be wary of offers for free likes or followers on Instagram. If a link leads to a webpage that looks like Instagram, attempt to verify its legitimacy before logging in. It’s likely a phishing site trying to steal your account credentials. Finally, if you end up on a site that asks you to verify that you’re a human being, close the tab. During Symantec’s investigation, we discovered that the phishing site had an open directory, which hosted a file containing account credentials for nearly 500 Instagram users....
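One way to automate the "verify its legitimacy before logging in" advice above is to check the URL's host, not the page's appearance. This is an added example, not code from Symantec's investigation; the allowlist, the function name check_login_url and the sample URLs (all under the reserved .example domain) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts on which an Instagram login form is accepted.
TRUSTED_HOSTS = {"instagram.com", "www.instagram.com"}

def check_login_url(url):
    """Return (ok, reason) for a URL that shows an Instagram-style login form."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = parts.username
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if userinfo is not None:
        # "https://instagram.com@other.example/" really goes to other.example
        return False, "userinfo in URL"
    if not host.isascii():
        return False, "non-ASCII hostname"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode hostname"
    if host in TRUSTED_HOSTS:
        return True, "trusted host"
    if "instagram" in host:
        # The brand name appears, but the registrable domain is someone else's.
        return False, "brand name in untrusted host"
    return False, "host is not Instagram"

# Constructed sample URLs: one genuine login URL and several lookalike patterns.
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "http://www.instagram.com/accounts/login/",
    "https://www.instagram.com.login.example/accounts/login/",
    "https://instagram.com@login.example/accounts/login/",
    "https://free-followers.example/instagram/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print(f"{'OK    ' if ok else 'REJECT'}  {reason:<30} {sample}")
```

The check is exact-match on the host, so a page that merely contains "instagram" somewhere in its address or path is rejected.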