Instagram is the world’s fastest-growing social media platform, so it comes as no surprise that it has attracted the attention of fraudsters who are keen to cash in on the platform’s popularity.
Since it launched in 2010, the app has amassed more the 1.15 billion active users who share a staggering 95 million photos every day. This popularity, coupled with the open nature of the platform, makes it the ideal place to scam large numbers of people.
By hiding their true identities behind fake profiles and accounts, cybercriminals can impersonate trusted sources, trick people out of money, sell counterfeit goods, or harvest personal information for financial gain. Scams can spread at an alarming speed as more people like, share, and comment on malicious posts.
To avoid being on the receiving end of one of these scams, we’ve put together a guide that highlights the most common types of Instagram scams and how you can avoid them.
Common Instagram Scams
1. Fake Brand Accounts
Fake brand accounts are rampant on Instagram, and according to research from Ghost Data, nearly 20% of all posts about fashion products feature counterfeit goods, and more than 50,000 accounts promote and sell these knock-off products every day. These imposter accounts promise exclusive discounts, but the real aim is to buy likes and followers to add credibility to their scams.
2. Free Instagram Followers and Likes
Influencers can make huge amounts of money by promoting the products of different companies on their profile. The more followers they have, the more money they can make. Cybercriminals have been quick to capitalise on this business model by masquerading as companies selling cheap followers and likes to help influencers bump up their numbers. These accounts may appear to be real but they’re often fake automated accounts set up specifically to defraud users.
3. Fake Investment Scams
During June 2020, Action Fraud received 164 reports from individuals falling victim to fraudulent investment schemes on Instagram. These reports amounted to a combined financial loss of £358,809. Typically, fraudsters will approach victims via the instant messaging feature of the platform after advertising their service. They’ll claim to only require an initial investment of a few hundred pounds which will then be used to trade on the stock market. Once a payment has been made, they’ll disappear with very little chance of the money ever being recouped.
4. Fake Giveaways
Whilst there are many legitimate giveaways and promotions on Instagram, there are also a lot of fraudulent ones promising non-existent prizes. They usually mimic big brand names and request that you like, share or comment on the post to be in with a chance of winning. The real aim is to harvest your personal information or to get you to follow their account to add credibility to their scam.
5. Phishing Scam
There are lots of different types of phishing scams on Instagram. Common scams include phishing emails that ask users to click on a link, verify activity on their account, or submit personal information. If a fraudster gains access to your account, they can steal your personal information or change your password and lock you out. Direct messages are also increasingly being used to push malicious links and scams.
Signs of a Scam
- Messages that appear to come from a friend or a company you know asking you to click on a suspicious link.
- A message from someone you don’t know requesting money.
- Someone claiming to be from Instagram security asking you to provide account information, or to verify your account.
- Accounts representing large companies or public figures that are not verified.
- People or accounts asking you to claim a prize.
- A request to move your conversation off Instagram to a less public and less secure setting.
- Messages or posts with poor spelling and grammatical mistakes.
- People who misrepresent where they are located.
Top Tips to Avoid Instagram Scams
- Don’t click on suspicious links – Instagram will never ask users to click on a link to update their personal details. To check if a request is legitimate, go directly to the ‘Emails from Instagram’ tab and you’ll see a list of all the official emails that Instagram has sent you within the last 14 days.
- Make your account private – Instagram accounts are set to public by default so to ensure that only friends can view your posts, you should make your account private. Only approved followers will be able to find your posts through search, see which posts you’ve liked, or send you direct messages.
- Enable Two-Factor authentication – Two-factor authentication provides an extra layer of defence in securing your accounts. If you enable this on your account, Instagram will text you a unique code for logging in.
- Disable activity status – Instagram has a feature that allows people you follow or have direct conversations with to see when you were last active on Instagram. To protect your privacy, go into ‘Settings’ and turn off ‘Activity Status’.
- Check Login activity – To check if your account has been hacked, go into ‘Settings’ and click on ‘Login Activity’. This page will provide you with a list of all the locations where you’ve logged in with your account. If there are any locations that you don’t recognise, this could indicate that your account has been compromised. You should immediately log out and change your password.
- Block accounts – If someone is harassing you or posting inappropriate content, you can manually block them. Open the three-dot menu on the account and select ‘Block’. It’s also worth reporting the account to Instagram. If they find that the account, comment, or video has breached its terms of service, the account will be suspended.
- Do your research – If you’re unsure if an account is legitimate or not, you can go into their profile and select ‘About this Account’. Instagram will show you when the user joined the platform, where they’re located, if they’re running any ads, if they’ve made any username changes, or if they have accounts with shared followers. If something doesn’t seem quite right, you can then block and report the user.
- Keep a close eye on third-party apps – It can be easy to lose track of all the third-party apps you have connected to your Instagram account. Whilst the vast majority are safe, you may have unintentionally installed a rogue app that is harvesting your data for malicious purposes. If you go into ‘Settings’, you can view active and expired authorised apps and then remove or grant access to the services you want.
- Check if accounts are verified – If you’re buying products from what appears to be a big brand account, check that the account is verified with a blue tick. Suspicions should be raised if a seller is offering expensive products for low prices or if they have strange payment methods.