There’s A Bizarre Hacker Crypto Scam Doing The Rounds On Instagram At The Moment
Here's how to not get caught out.
Instagram hackers are taking over user accounts in a new scam that tries to trick people into buying Bitcoins.
The indiscriminate cyber attacks lock people out of the app, change their password, and then post testimonials pretending that brokers have made a profit on their behalf by investing Bitcoin for them. A particularly absurd difference to other scams is that hackers have even gone so far as to force users to send vlogs of themselves assuring their followers that the investment is ‘real’, in what has been described as a digital hostage situation.
Sliding Into DMs
While the ploy has been doing the rounds since late last year, there’s been a surge of back-to-back cases in Australia in 2022.
Artist, actor, and writer Mel Ree told Junkee how an act of kindness turned into days of hell trying to retrieve her Instagram account back. She said an out-of-the-blue message from the hackers sent from her friend’s account started the whole rigmarole.
“They had my friend’s account and said ‘I need help’, and I was like of course I’m going to help my beautiful, soft, loving friend,” she said. “And they did that stupid thing where they said ‘can you send me your number and receive the link for me'”.
Ree agreed, and as soon as she passed over what they needed, they immediately changed her login details. “You know, obviously [from retrospect] it was the ‘reset your Instagram password’ link, but because it came from someone so kind, I trusted them.”
An Arduous Task
After seeing the Bitcoin posts go up on her feed, she sent the hackers messages via DM to her account, trying to negotiate with them to hand it back over. Ree was locked out for three days, and gathered a team of close friends to brainstorm the next steps.
She finally got in after reaching out to Facebook’s Help Centre, and going through Instagram’s identity verification process of sending an email with a selfie holding a piece of paper with a unique code that the social media customer service team had provided to prove it was her.
“After I got my account back, [the hackers] sent me a message saying ‘sorry for everything’,” she recounted in disbelief. “And I said, give my friend’s account back you shit face!”
Unfortunately, a couple of mutuals got swept up along the way, and were also hacked after receiving messages from Ree’s account. She said she was also sent a lot of messages from followers asking if the Bitcoin posts were real or not because of the absurdity of the captions, which read along the lines of ‘I can’t believe my eyes, I made all this money’.
Cyber Security Director at Deakin University Fadi Jafari said to Junkee that while the idea of compromising social media accounts is not new, hackers are getting creative in their efforts to empty people’s pockets.
“The tactics that hackers are using are still the same from the last five years or more,” he said. “They need to gain access to people’s accounts so that they can promote their scam, so that person’s followers or friends would be basically convinced to click on something because they trust that person.”
Jafari said there are three easy steps you can take to prevent falling victim to phishing more generally: setting up multi-factor authentication, using a password manager to generate unique log-in details for different accounts, and considering going on private.
While it’s easy to brush off the possibility that you’d fall for the scam, it really could happen to anyone if your guard is down. For cases like this, when SMS codes are crown jewels, be vigilant and sceptical when people make requests for your personal details — hackers prey on trust and goodwill.