Influencers and Instagram account owners with large followers must be careful. Currently hackers are targeting these accounts to be hijacked and then asking for a ransom.
This latest piracy campaign was discovered by researchers from cybersecurity firm Secureworks. Hackers use phishing methods to break into Instagram accounts belonging to companies and influencers, but their method is much more 'subtle'.
This hacker method usually starts by sending a warning to the user that is made to look like it's from Instagram directly. The warning notifies users that one of their photos violates copyright and their account is in danger of being deleted.
In the warning, the hacker included a link to an appeal form. If the link is clicked, the user will be redirected to a phishing page that is created similar to the Instagram login page.
If a user is careless and enters his Instagram account username and password, hackers can use those credentials to hijack the account. After successfully hijacking the account, hackers will change the user's username and password so that they will have difficulty logging in again.
Not only that, the hacker also wrote a description on the Instagram profile saying that the account had been hijacked and then sold to the original owner. In addition to that description, the hacker inserted a WhatsApp link and a contact number that could be contacted to discuss the ransom amount.
Hackers can also directly contact victims directly using the phone number entered into their account details, as quoted from Gizmodo, Saturday (29/1/2022).
Based on Secureworks searches, the hackers who run this phishing campaign are indicated to be based in Turkey and Russia. They are known to have been running this operation since August last year.
After browsing underground forums, Secureworks came across a post from September that revealed that someone linked to the hacker was selling access to hijacked Instagram accounts for up to USD 40,000.
To avoid hijacking accounts by hackers, Secureworks advises Instagram users to enable two-factor authentication to limit unwanted access.