Instagram currently boasts over 2.35 billion monthly active users across the globe, with around 229 million in India itself. Owing to the considerable volume of users, it doesn’t come as a shock that the photo-sharing platform has come under the crosshairs of malicious actors, trying to dupe unsuspecting users out of their money via phishing scams. ABP Live has come across several recent cases where users are reporting their accounts getting cloned, and hackers reaching out to their contacts with mal intentions. Read on to find out more details.
How To Spot Fake Accounts On Instagram?
In multiple cases, hackers were found to clone the accounts of unsuspecting users in such a way that it’s very hard to differentiate which one’s original and which one’s not. This is because the fake account carries the same profile photo, the same bio, and the same number of followers (as well as the accounts you are following).
However, there are two major differences between a fake account and a legit profile.
For starters, the fake profile will not have a single post on their account. This can be checked by quickly visiting the profile page and checking out the numbers at the top.
Secondly, the username/handle of the fake profile will be slightly tweaked. For example, if the user handle of the original account is abc_123 or abc.123, the fake account will carry a handle that looks like abc_123_, @bc.123, or aabc_123 (note the nearly unnoticeable difference in certain characters).
How Do These Fake Accounts Reach Out?
After cloning an account, bad actors reach out to the friends and followers of the original user. On DM, they share this text: “Hi. I’m a contesting [sic] for an ambassadorship spot as an online influencer can you please vote for me.” This is the text ABP Live could spot in most cases, however, the message can be tweaked around as well, with more or less a similar tone in the end.
Now, if you do respond to this first text, you will soon see a response that goes something like, “Ok. I will send you the voting email now.” This will be followed by a mailing ID — Contesting131@gmail.com, based on the messages shared with ABP Live — and a clickable URL (screenshot below).
These URLs are largely believed to be acts of phishing, where unsuspecting users are enticed to click on a malicious link.
To understand the implications of these links, ABP Live spoke to Supreme Court advocate and cyber law expert Pavan Duggal, who said that in most cases, these links open up access to keyloggers, or keystroke loggers, which are designed to record what a user types on the on-screen keyboard on their devices. So, once that form is clicked on, bad actors will gain under-the-radar access to how you are using your phone, making it easier for them to copy your passwords and other key details.
What To Do If You Come Across A Fake Account?
As per Duggal, if you do come across an account posing as someone you know, the best advice would be to steer clear of it. “Don’t click on the links,” Duggal said. “Also, it would be best to reach out to the person whose account you think got hacked and clarify with them straight away.”
As mentioned earlier, it is highly advisable not to interact with such accounts or click on any links they share, no matter how enticing it may feel at the moment. It’s best to block and report the account right away.
Interestingly, when we blocked such a fake account on Instagram, it was immediately replaced by yet another cloned account, featuring a different profile photo, bio, and other details of another known contact (again, marked by zero posts and a tweaked user handle). Hence, constant vigilance seems to be the best bet against malicious activities.
Why Are Malicious Actors Targeting Instagram?
As per Duggal, sharing phishing links to unsuspecting users began during the covid-induced lockdown months, when cases of online scams grew by leaps and bounds. “At first, they mostly targeted Telegram, the instant messaging app, and over time moved to Instagram, simply because there are more young users here and is a visual-rich platform, giving hackers a better chance to dupe users.”
ABP Live reached out to the National Crime Record Bureau (NCRB) to understand the volume of such cases of cloned accounts being reported by users. This report will be updated when we hear back. To put things into perspective, in Q1 2023, Instagram owner Meta (who also owns Facebook) took action against 426 million fake accounts.
It should be noted that as of yet, there are no foolproof ways to protect your account from being cloned. Even if you keep an account private, your profile photo, bio, and other details are still visible no matter what. So, it’s best to maintain caution as and when needed.
Subscribe And Follow ABP Live On Telegram: t.me/officialabplive