Snapchat and Instagram users are being warned not to fall for a new extortion scam that is being widely circulated on both social media platforms.
Cybercriminals are tricking victims into revealing their two-factor authentication (2FA) codes and then extorting them for money. If the victims don’t pay up, they are threatened with having all their personal photos shared publicly.
Two-factor authentication is used to provide an extra layer of security on an account. In addition to a password, two-factor authentication requires a second piece of information to confirm the user’s identity.
If a user has enabled two-factor authentication on their Snapchat or Instagram accounts, they are required to enter a special code to log into their account. This code is typically received from a code generator app such as Google Authenticator or through SMS.
If the crooks can successfully intercept the two-factor authentication code, they can then log into the user’s account and change their credentials.
Action Fraud, the UK’s National Centre for Fraud and Cybercrime, has received multiple reports of the scam in recent weeks.
Advising Snapchat and Instagram users on how to stay safe, Action Fraud said: “Don’t respond to messages that ask for your login details or two-factor authentication codes. These can be used to compromise your account. Use the report functions within Snapchat and Instagram to flag spam messages, or accounts that have been hacked.”
Instagram and Snapchat are two of the world’s most popular social media networks. Instagram has more than one billion active users each month, while Snapchat has 190 million daily active users. This huge global audience acts as a magnet for cybercriminals who are keen to launch their devious scams.
The latest scam follows hot on the heels of the ‘Nasty List’ phishing scam which swept through Instagram in recent weeks.
Users reported receiving messages informing them that they were spotted in a so-called ‘Nasty List’. The message is embedded with a link and says: “OMG is actually here, @TheNastyList xx, your number is 23! It is really messed up.”
When the user clicks on the link, they are asked to enter their username and password. The information is then relayed straight back to hackers, who will use the data to commit fraudulent activities.
There appears to be no let-up in the massive rise in social media phishing scams. According to a recent report from Vade Secure, social media phishing attacks were up more than 70% in the first quarter of 2019.
To protect yourself from being scammed on social media, there are a number of steps you should take:
- Never click on links requesting personal information
- Use unique login details for each account
- Only enter personal information on a secure and encrypted website (HTTPS)
- Install anti-virus software
- Enable two-factor authentication on all accounts
- Never accept friend requests from someone you don’t know
- Keep operating systems up to date
- Use enhanced privacy settings to restrict what people can see on your account
Despite the increasing sophistication of phishing attacks, there are a number of ways you can protect yourself online. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime.