Instagram Phishing: What It Looks Like and How to Avoid It [+ What to Do If You’ve Been Phished]

You receive an unexpected email from Instagram. It claims something’s wrong or needs your immediate attention. Then, how lucky — that email has a convenient link for you to click and sort everything out. But…to proceed, you have to fill in your login credentials or even financial information. If you did follow such a link someday, you had fallen prey to an Instagram phishing scam. Want to know more about what kind of beast we’re dealing with and how to slay it? Read along to find out.  

What is Instagram phishing? 

Let’s start with the basics. Phishing is a scam where hackers use facets of human nature, like fear, greed, curiosity, sense of urgency, to access private or sensitive information. Instead of a brute force attack, a cybercriminal poses as a familiar face or legitimate company and urges you to act. In our case, hackers can impersonate someone on Instagram, like its representatives, to lure you into a false sense of security. They can send you a DM saying there’s a problem with your account and you have to click the link to solve it. And if you take the bait, the phisher nets your sensitive information and can even spy on your phone.

Examples of phishing scams on Instagram

Cybercriminals most often pull their Instagram scams posing as support agents. But their creativity can run wild.

So, let’s take a closer look at models scammer usually use to pull off a phishing attack on Insta:

1. Impersonating an official account and contacting you via DM or email with a warning or request for information. 

Although the email looks like a real thing, we can see that the address it was sent from is nowhere near the official addresses of Instagram/Facebook — @mail.instagram.com or @facebookmail.com. So while that email in your inbox claiming to be from Instagram may seem legitimate at first, clicking on any links within it could put both you and your account at risk. 

2. Making you a tempting offer and providing a link that directs you to a website scammers control. There they ask you to fill in your personal information, and once you enter it, a scammer can seize control of your account. Ever noticed a stranger tagging you in posts about winning, say, a free iPhone 13? Yeah, the only thing you won in this case is the stress from recovering your profile. 

3. Launching a giveaway via a fake brand account. The wrongdoer can set up a fake account of a real brand to launch their very own giveaway (or fakeaway, for that matter). Then they congratulate those who have commented on winning. Scammers contact the winner either by replying to their comment or by sending them a DM. This message usually has an outgoing link with a registry form. To receive the prize, the participants, of course, have to fill in their personal and bank details — which will then be left at the mercy of the scammers. 

So yeah, scams seem to be everywhere. And unfortunately, they don’t always work out well for users. 

Hacked Instagram account: What to do 

What to do if you did fall victim to scammers? After all, the scam can be so elaborate you don’t even blink before clicking on that link. If you think you’ve been fished, do the following: 

1. If you can log in to your account, secure it by resetting your password and logging out of any devices you don’t own. 
2. Always report strange emails to [email protected].

If you can’t get into your account and your username or password don’t work, learn how to recover your account: 

1. Select the ‘get help signing in’ option below log in in your Instagram app.
2. Follow these instructions to reach out to Instagram support. Keep in mind that it can take weeks to recover an account because the hackers can immediately change your username or email to take full control. 

A good thing is that you can avoid all this stress by improving the security of your account in advance. To do that, let’s first figure out what is indicative of a phishing attack on Instagram. 

What are the signs of an Instagram phishing attack?  

You should always be on the lookout for these signs in a message: 

1. Shortened links (tinyurl, bitly) 
2. Misspellings and grammatical mistakes 
3. Official notifications from Instagram or Facebook sent to you via DM
4. Sense of urgency — “act now, immediate required” or unusual requests 
5. Request for payment information, credentials, or other personal details 
6. Inconsistencies in email addresses, domain names, and links 
7. Links or buttons with sketchy re-redirecting URLs (e.g. “.cf”)  
8. Suspicious attachments

How to prevent being phished on Instagram

Noticed any of those signs? Not to fell prey to scammer, try to secure your account with the following steps: 

1. Look out for suspicious emails or messages. Emails from Instagram/Meta concerning your account will only come from @mail.instagram.com or @facebookmail.com. Also, they won’t text you via DM. 
2. Report strange emails to [email protected]. Got a suspicious DM or email? Report it. 
3. Don’t click suspicious links. It’s obvious, but you should never trust messages demanding money, offering gifts or threatening to delete or ban your account. Double-check. Always. 
4. Don’t respond to these emails. Don’t reply to messages that ask for your confidential information. 
5. Turn on two-factor verification. Receive a notification or enter a special login code when someone tries logging into your account from a device the platform doesn’t recognize.
6. Create a strong password and update it regularly. Use a longer combination of numbers, letters and special characters (like !$@%).
7. Secure your email account. Anyone who can read your email can probably also get their hands on your Instagram.
8. Log out of your Instagram on devices you share with other people. Don’t check the “Remember me” box when logging in from a public computer. 
9. Get a trustworthy VPN. Top VPN services will encrypt your internet traffic and hide your online activity from prying eyes. 

VeePN is a great way to start securing your online presence with its top-grade AES-256 encryption and other gems. The NetGuard feature blocks malicious websites, ads, and trackers from getting in your way. It prevents suspicious activity on the websites you visit so no cyberthreats can affect your device. Test-drive VeePN to feel more secure online. Let’s slay those cyberbeasts. 

FAQs

Why did Instagram log me out for phishing?

Seeing the “We’ve detected suspicious activity on your Instagram account and have temporarily locked it as a security precaution” message? It’s likely that you entered your login credentials on a website designed to look like Instagram, giving scammers access to your account. To get back your profile, turn to Instagram. 

How are Instagram accounts hacked?

Phishing is a common strategy for scammers to access your Insta. They can impersonate someone on Instagram and send you a DM or email. There they create a false sense of security or congratulate you on winning something and ask you to provide your personal information to fix a problem/get a prize. Learn more about Instagram phishing in this article. 

How can you tell a scammer on Instagram?

Among common signs of a phishing message on Instagram are: 

1. shortened links (tinyurl, bitly)
2. misspellings and grammatical mistakes
3. official notifications from Instagram or Facebook sent to you via DM
4. sense of urgency or unusual requests 
5. request for payment information, credentials, or other personal details 
6. inconsistencies in email addresses, domain names, and links 
7. links or buttons with sketchy re-redirecting URLs (e.g. “.cf”)  
8. suspicious attachments

Written by VeePN Research Lab VeePN Research Lab is dedicated to provide you latest posts about internet security and privacy.

Knowledge is power,
VeePN is freedom

Get VeePN Now