'This took a few hours to make': Instagram scam offers users gift, then steals their account via linked website
Some Instagram users have received messages, supposedly from their followers, promising gifts they can redeem by keying in their password on a separate login page that looks like Instagram's.
Simply tapping on these links appears to be enough for hackers to gain access to users' accounts - even without entering the password.
In cases seen by The Straits Times, users first receive a message from a follower with a compromised account offering a gift. The message usually says: "This took a few hours to make. I hope you love it."
The contents of these gifts are never specified.
The message comes with a personalised link directing them to a separate website that includes the receivers' username, tricking them into believing the link was crafted especially for them.
Shortly after, swindlers gain access to the user's account and use it to broadcast a similar scam message to other followers, who in turn, may be deceived into thinking their friends are offering them a gift.
A similar line of Instagram scams was reported in overseas media, including by The Independent in the United Kingdom, which warned that the fake login page allowed hackers to enter users' accounts.
It reported: "There (are) no gifts - and instead, that page will simply steal a user's password, with affected people reporting that they are simply thrown onto an online gambling page at the end."
Hackers then have access to the user's password, allowing them to send the same message to other users, The Independent wrote. It urged users to be cautious about entering passwords on any website.
Responding to queries from The Straits Times, a spokesman for Meta, which runs Instagram, urged users to pick strong, unique passwords and never share them with people they do not trust.
The spokesman added that users should turn on two-factor authentication in their settings for added security, but did not provide further details on the scam.
She pointed to a Meta advisory that warns users not to trust messages that offer gifts, demand money or threaten to delete their account, and to promptly report such cases to Instagram or Facebook, which is also operated by the company.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now
