How Instagram accounts are hijacked, according to Kaspersky Lab

Instagram (IG) is one of the most popular social networking sites today, with one billion monthly users. With that sheer number of accounts, it has become a playground for cybercriminals, and Kaspersky Lab wrote a blog post to help users prevent their accounts from being hijacked.

This social networking platform has also become a venue to connect with people from around the globe. But as in real life, users need to be wary of who they are connecting with, especially when their accounts are set to public.

To help IG users protect their account and minimize the chance of it getting hijacked, Kaspersky Lab made a list of things to be wary of.

Hijack method no. 1: Fake verification

Almost everyone wants that “Verified Account” or blue check badge. According to Kaspersky’s post, no one can just get a badge; it is Instagram that decides to award it. To lure those who badly want a badge, scammers pose as Instagram help centers and entice users to provide personal details such as “username, password, email address, first name, last name, and date of birth,” all of which fall right into the attackers’ laps. The users are made to wait for 24 hours and asked not to change account settings while the criminals do their job of compromising the account.

Criminals have found a way to bypass two-factor authentication by displaying a message saying a support service will contact the owner for more details. The message will ask for an SMS code or other security information.

Hijack method no. 2: Plain old phishing

Don’t be fooled by “scary messages” claiming that the account has been hacked or that log-in credentials need to be updated. Then there is the “rate a photo” scam, which requires users to log in to the social network. When messages start asking for these credentials, it is time to be more wary and suspicious.

Kaspersky Lab offers the following precautionary measures to guard your account against getting compromised.

Prevention is better than cure — especially if curing is next to impossible. By observing these simple rules, you can stay safe:

  • Don’t click on suspicious links.
  • Always check the address bar for the URL of the web page. If instead of it says something like or, get out of there quick, and don’t even think about entering any personal data on pages like this.
  • Only use the official social network app from the official store — such as Google Play for Android, or App Store for iOS.
  • Don’t use account login credentials for authentication on third-party services and apps.
