Every day, hackers try to get into the social media accounts of unsuspecting individuals. Social Media phishing is on the rise. From Facebook to Twitter and even Instagram, hackers want to get into your accounts to try and broadcast fake scams out under your name. So how do you protect yourself from these lucrative attempts to get into your account?
Just today my client received another email trying to get into her Instagram account. This email said that she has an Instagram “Terms of Service” violation for posting Inappropriate/Adult Content with a link to get her to click on that she accepts the terms. She’s never posted any content of that sort, so we knew it was fake from that line alone.
Also, look at the “To” address. It’s going to Instagram from Instagram.
These emails look legit, don’t they? All styled up with the Instagram branding that you know and have a sense of trusting. Well actually, both of these emails are PHISHING. They did NOT come from Instagram, and when you click on the button “Account Centre” or “Remove Applications” you’re directed to a URL that is accounts-Lnstagram.com (This is a phishing link, do not go to the URL). Clearly, this URL doesn’t belong to Instagram and a WHOIS search on the domain name shows the following:
Domain Name: ACCOUNTS-LNSTAGRAM.COM
Registrar: SHINJIRU MSC SDN BHD
Sponsoring Registrar IANA ID: 1741
Whois Server: whois.ilovewww.com
Referral URL: http://ilovewww.com
Name Server: NS1.STEELDNS.COM
Name Server: NS2.STEELDNS.COM
Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Updated Date: 24-dec-2015
Creation Date: 08-dec-2015
Expiration Date: 08-dec-2016
You can do a WHOIS search by going to http://www.whois.net and inputting the domain name.
So what happens when you click that phishing link in the email? You’re taken to a page that looks like this.
Being that they’ve sent you this email at early hours of the morning, you’re probably all like “Oh no!! I can’t lose my Instagram account.” Again, this is a phishing attempt, look at the URL, it’s still ACCOUNTS-LNSTAGRAM.COM. Now, if you’ve clicked on that “Accept” button accidentally, this is where the hacker will gain access to your account.
If you’ve fallen for these phishing emails, change your passwords immediately an enable 2FA on your accounts so no one can get in.
These phishing attempts aren’t just on Instagram, they are also on any popular site imaginable such as Facebook, Twitter, LinkedIn, Snapchat.
Here’s a phishing email that has been going around that says it’s Facebook.
Again, it’s fake… clicking “here” or “update” or logging in will open your account to hackers so don’t click the links!
So what’s the best practice? Don’t click on links in emails and DON’T fill in your login details! Go to the website URL’s directly that you know and trust such as Facebook.com for Facebook, Twitter.com for Twitter and Instagram.com for Instagram. If we all follow these safe Internet practices, we’ll all remain protected and the hackers will go elsewhere or find another hobby.
In case your accounts did get compromised, give us a call or send us an email and we’ll be happy to take a look and see if we can mitigate the issue for you. Our contact information is available on our website.
Did this information help you? Share it with a friend or colleague, they’ll be happy to know!