Tech security company Symantec has revealed a scam that preys on Instagram users keen to take up a 'free' offer of hundreds of new followers.
According to a blog post by Symantec senior security response manager Satnam Narang, the culprits have left comments on pictures with popular hashtags like #throwbackthursday with offers such as: "Want 100 followers or more? Click the link below if you want a ton of likes and follows and go viral!"
The link takes the Instagram user to a scammer account, which then leads to a phishing operation.
"They are redirected to a site that looks just like a real Instagram login page. However, it's not the legitimate Instagram login page and is hosted on another site," Narang wrote, adding that the user's Instangram username and password are then harvested.
In some instances, the scam induces the victim to complete a survey or a 'human verification' – or a Turing Test – before the supposed free followers are granted, which is also designed to harvest private information.
Narang said that Symantec found a file on the phishing site that contained passwords for almost 500 users.
"When it comes to social media, nothing is ever truly free," he said, adding that the scam never ends in the user gaining additional followers.
"Be wary of offers for free likes or followers on Instagram. If a link leads to a webpage that looks like Instagram, attempt to verify its legitimacy before logging in. It’s likely a phishing site trying to steal your account credentials. Finally, if you end up on a site that asks you to verify that you're a human being, close the tab."
Symantec has contacted Instagram about the scheme.
"Instagram has identified and cut off the source of this particular scam. The company has taken steps to return control of any impacted Instagram accounts to the proper owners," said Narang.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
