Instagram scam offers users gifts – and then steals their account
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.An Instagram scam is hurtling around the app by promising users gifts – and then stealing their passwords.
The hack has been around for some time, but continues to prove popular, in part because it is built to replicate itself.
The scam starts when users receive a message, seemingly from a friend, in an Instagram DM. In the message, the friend will say they’ve been working on something for hours, and send a link, which includes the words “giftshop”, “buzz”, a host of numbers, and the name of the recipient.
The message might look exciting: it seems like it might offer a gift list, full of curated products, which a friend has spent hours working on.
When the recipient clicks on it, they will be asked to log into what appears to be Instagram in order to verify themselves. Once again, that might seem normal and even exciting, given the promise of gifts on the other side.
But that log-in page is the scam. There is no gifts – and instead, that page will simply steal a users’ password, with affected people reporting that they are simply thrown onto an online gambling page at the end.
The hackers will then have access to a users’ passwords, which also allows them to then send on the same message. Your friends will receive similar DMs, seemingly offering gifts and ostensibly from you, but which are actually from the hackers who have stolen the passwords.
As ever, the best approach is be very careful about entering passwords on any website. While the log-in page looks like Instagram – and because Instagram pops up its own browser page, it can be hard to check whether it really is – it is important never to enter a password on any website that might be posing as another.
If that does happen, the first thing to do is change passwords. That can be done within the Instagram app, by heading to your profile, clicking the cog for settings, and choosing the “security” option, where the password menu is found.
On that same page, users can change a number of important security settings: turning on two-factor authentication, conducting a security check, and finding which apps and websites are linked to a given account.
Going through all of those will help limit the impact of any hack that has happened as well as making it harder for hackers to get through in the future.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments