Cybersecurity firm Symantec has unearthed a new scam campaign targeting Instagram users.
According to the company’s research, affected profiles have been altered with sexually suggestive imagery to lure users to adult dating and porn spam. These recent findings bear a resemblance to those from a previous report which discovered that more than 2500 Twitter accounts had been compromised to tweet links to similarly explicit content, although Symantec has not established a direct link between the two campaigns.
Identifying traits of hacked accounts include:
• Modified user name
• Different profile image
• Different profile full name
• Different profile bio
• Profile link changed/added
• New photos uploaded
Whilst Symantec was quick to point out that it is currently not known how the profiles were compromised, it suggests weak passwords and password re-use are the cause, as is so often the case.
The huge popularity of social media platforms such as Instagram makes them a potential goldmine to cyber-criminals, who know that by compromising a single account they have the opportunity to send out spam links to hundreds – or in some cases thousands – of users.
“Scammers are naturally attracted to large online communities and with 500 million monthly active users, Instagram makes a prime target for maximum impact,” said Nick Shaw, EMEA vice-president and general manager at Norton by Symantec. “The influx of affected Instagram accounts identified by Symantec's Response team showcases a scenario when a hack could not only compromise your account but also damage your online reputation through profile alterations.”
The UK is the second most targeted country in the world when it comes to social media scams, says Symantec, and with an estimated 14 million Brits logging into Instagram every month, Shaw urged users to stay safe by switching on two-factor authentication, something that can help prevent scammers taking over accounts in this way.
“However, if you have been a victim of a hack or have identified an account that might have been compromised you shouldn’t remain passive and immediately report this,” he added.