Account security is always a concern when you put any kind of personal information out on the web. But a new generation of scammers is emerging, using a particularly devious combination of social engineering, cryptocurrency, and old-fashioned blackmail. The scam is becoming more common on Instagram, where popular account holders are targeted and forced to assist in swindling their followers with fake videos. The hacker is forcing account owners to make hostage-style videos promoting the hacker's money-making scams to try and get their money back. But instead of giving victims their cash back, the hacker then uses those videos to convince further victims that their scams are legitimate investments. (Source)
The news follows Motherboard reporting last week on how a scammer forced one victim to film a video with the promise of getting their money back after sending the fraudster Bitcoin. After filming the video, however, the scammer broke into the victim’s Instagram account, sent the video to their friends, and posted it from their profile to try to scam others. Many Instagram users are getting in touch with Meta saying they’ve been hacked and forced to shoot similar videos, indicating the issue appears to be more widespread on the social network, with victims describing personal, professional, reputational, and financial damage. (Source)
There are a few variations, but it essentially boils down to three steps. First, a malefactor gets ahold of an Instagram user’s account information, either by sending a phishing link to a fake login page or by finding a reused password exposed in one of the near-constant security breaches whose data is already available. Then the thief contacts the account holder and forces them to record a video of themselves recommending that their followers invest money with “a friend.” The video claims that you can quickly triple your investment via Bitcoin or other get-rich-quick schemes. The criminal promises to return control of the account to its rightful owner upon completion. Finally, the victim posts the coerced video with a payment link, their followers are swindled out of huge sums of money via cryptocurrency, purchases, or simple money transfers, and the criminal disappears, generally without returning the Instagram account. (Source)
This new form of socialized theft is particularly distressing, as it forces the victim to become an active participant in stealing from their followers. With Bitcoin and other cryptocurrencies currently receiving a shot of legitimacy via national advertising campaigns from crypto exchanges, not to mention constant news of crypto booms in economic circles, it’s no wonder that social media users are particularly ripe targets. Combining that opportunity with forced endorsements from victims, and taking advantage of Instagram’s sometimes labyrinthine account recovery systems, is proving a particularly nasty and effective technique.
The best way to protect yourself is to stay vigilant against phishing techniques, enable two-factor authentication, and practice password discipline, never repeating login credentials from one website to another. An easy way to up your personal security online is to start using a password manager. (Source)