Hackers keep innovating to try to deceive users online. A technique that has become popular in recent months is to create fake Instagram profiles with names similar to those of real accounts that run sweepstakes, and to impersonate those accounts to steal data. This is what is happening on Instagram.
Giveaways are often a good way to publicize accounts, and influencers also use them to gain a following; entering usually involves sharing posts, liking them or following accounts. However, hackers are aware of this and create accounts with similar names in order to contact users. With these accounts, the attackers contact the users who have participated in the sweepstakes, since it is possible to see who has liked a post.
Giveaway Profile Impersonation: The New Scam
Contact is made by private message, with a fake congratulation saying that the user has been chosen as the winner of the raffle. The message then continues in one of two ways: either it provides a link to a form where the user is urged to fill in personal data, or it requests the personal data directly by Direct message.
The data that attackers usually ask for includes the full name, address, email and account number, and the forms on the fake websites even ask for Instagram passwords. If attackers have our email and password and we do not have two-step verification activated, it is very easy for them to gain control of our account. Many profiles are already warning of this activity when they run giveaways.
Social networks such as Twitter and Instagram make it easy to report profile impersonation, but days or weeks may pass before the fake accounts are discovered, and in that time they can get hold of the data of many users.
Avoid giving out personal data as far as possible
These types of scams are a form of phishing, which consists of impersonating a company or a person to obtain a user's data. In the following image we can see how famous accounts have a multitude of profiles with modified names that impersonate them.
The solution in these cases is simple: check whether it is really the account organizing the draw that is contacting us. If it is a well-known profile (such as fitness Instagram accounts), we can trust it, since such profiles usually publish the names of the winners in a post; but what we must never do is give out our password or account number. At most, the only thing that is necessary is our physical address to receive the gift, and even then we can always give the address of the Post Office or the courier company and pick it up ourselves. If the prize is in cash, it is better to ask to be paid by Bizum or to have the money sent by PayPal.