A new kind of scam on Instagram is getting popular, so we tell you how Instagram fraudsters trick you into believing you’ve won sweepstakes…
Hackers are increasingly looking to innovate to try to deceive users on the network. One technique that has started to become popular in recent months is to create fake profiles on Instagram with names similar to those of real accounts doing sweepstakes and try to impersonate them to steal data. This is what is happening on Instagram.
Sweepstakes are usually a good way to publicize accounts, and influencers also use them to gain followers, where the mechanisms usually used are sharing posts, liking, or following accounts. However, hackers are aware of this and are dedicated to creating accounts with similar names to contact users. With these accounts, the attackers contact users who have participated in sweepstakes, as it is possible to see who has “liked” a post.
Impersonation of sweepstakes profiles: The new scam
The contact is made via private message, where they are sent a false congratulation saying that they have been chosen as winners of the sweepstakes. The message can be followed by two variants, where either a link is provided urging the user to fill in personal data, or the personal data is directly requested by Direct.
Among the data that attackers usually ask for is the full name, address, email, account number, and even Instagram passwords are requested in the form of fake websites. In the case of having our email and password, and if we do not have two-step verification enabled, attackers, have it very easy to take control of our account. Many profiles are already warning of this activity when doing sweepstakes:
Social networks such as Twitter and Instagram allow easy reporting of profile impersonation, but until one discovers the accounts, days or weeks can pass in which they can get hold of the data of many users.
Avoid giving as much personal information as possible
This type of scam is included in phishing, which consists of impersonating a company or a person to obtain the data of a user. In the following image, we can see how famous accounts have a multitude of profiles with modifications in the name to impersonate them.
The solution in these cases is simple: check if it is the account organizing the sweepstakes that are contacting us. In case it is a well-known profile (such as fitness Instagram accounts), we can trust them since they usually publish the name of the winners in a publication, but what we should never do is to give the password or the account number. At most the only thing that is necessary is our physical address to pick up the gift, and even on those occasions, we can always put the address of the post office or courier company to go pick it up ourselves. In the case that the prize is in cash, it is better to make us a Bizum or send us the money by PayPal.
