Instagram Accounts with High Follower Counts Targeted in Phishing Scheme
Cybercriminals have been hijacking Instagram accounts of high-profile users, and then extorting them for restored access.
This is not surprising, actually. Instagram hacking has become an increasingly popular occurrence. Criminals have gotten much better at finding new and creative ways to compromise accounts.
Influencers are common targets because they can be tricked by the fake branding offers. Then, before you know it, they’re paying a large sum of money to restore their account.
Cybersecurity firm SecureWorks discovered this new hacking campaign, which targets mostly corporate Instagram accounts and influencers with large follower counts, using phishing techniques to victimize unsuspecting targets.
The scam usually starts with the hacker sending a notice to the victim that is styled to appear like it came from Instagram. The notice warns the user that a photo in their account has led to copyright infringement and their account is at risk to be terminated.
If the user clicks on the fake notice, they are then redirected to a malicious page that appears to be an Instagram login page. If the user tries to log in on this bogus page, the cybercriminals use these credentials to hijack the account.
After the hacker gains access, the account username and password is changed. The account bio is also changed to read: “this Instagram account is held to be sold back to its owner”. Next to the new bio, a WhatsApp domain and contact number is placed so that the victim can negotiate the terms of the ransom. Hackers have also been so bold as to have directly called the victim using the phone number listed in their account details.
The hackers responsible for this attack appear to be based in Turkey, and are known as “pharabenfaraway”. These attacks have been occurring since August, and affected accounts have been sold back to their rightful owners for up to $40,000.
In an effort to thwart these types of attacks, research have developed a list of the indicators of compromise. You can read the IOCs by clicking here.
Story via Gizmodo
