What is an Instagram scam?
An Instagram scam involves some kind of fraud or attack taking place on the social media app Instagram. There are many internet scams, of course, but Instagram is particularly popular with bad actors because of its huge user base.
Instagram, which is owned by Meta (the parent company of Facebook and WhatsApp) is one of the biggest social media platforms in the world, with more than a billion users and consistently impressive growth. The app has suffered security issues in the past, however. Because of a bug discovered in 2020, hackers on Instagram could capture your device with relative ease. Though that issue will now have been resolved, it shows that Instagram is not always risk-free.
While the app focuses on visual media, like photos and videos, it also allows users to message each other privately — an essential feature for most fraudsters. Instagram scams come in many forms, which we’ll cover below.
The most common Instagram scams
Instagram scams vary widely in style and strategy, but here are the most common examples.
While Instagram scam emails are a risk, scammers are more likely to contact people through direct messages (or DMs) urging victims to click a link that then initiates a malware download. It’s very easy for someone to set up a fake account and pretend to be a legitimate company or celebrity.
With this fake account as cover, the fraudster then messages Instagram users to tell them they’ve won a valuable item or have been selected to take part in a prize draw. For example, bitcoin Instagram scams often involve the attacker offering to send a victim bitcoin. To claim the bitcoin or enter the competition, the victim just needs to click a link, which in turn infects their device with malware.
Hijacked Instagram accounts
If a hacker can break into someone else’s Instagram account, either using malware (perhaps delivered through phishing messages) or by cracking a weak password, they can then use the account to launch a variety of attacks on the account owner’s contacts and friends. While this could involve targeted phishing attacks through direct messages, it might also take place via Stories. Instagram Stories are visual posts that last for 24 hours and can contain text and, crucially, links.
Malicious Instagram ads
Instagram is a free app, which means that much of its monetization strategy relies on advertising. While that in itself isn’t a problem, the sheer volume of ads being submitted and displayed through Instagram makes it hard for the company to check them thoroughly for potential scams. As a result, bad actors may be able to promote bogus products, malware-infected links, and other scams through Instagram ads.
Catfishing involves a scammer masquerading as someone else: either a real or stolen identity or a completely fabricated one. For this kind of Instagram scammer pictures are important; they want to create an authentic-looking fake identity. Using a catfish account as a front, they might attempt to earn someone’s trust and perhaps even establish a romantic connection, in the case of so-called romance Instagram scammers.
Eventually, the catfish can ask the target for financial aid — perhaps to get them out of an alleged sudden and unforeseen crisis overseas. As soon as the money is transferred, they can delete their account and vanish.
Signs of a scammer on Instagram: how to detect a scam
Learn to identify the small red flags that indicate an Instagram scam. Here are some of the most notable.
- The account you’re dealing with has only been created in the last few days — this is especially concerning if the person has posted multiple photos at the same time in an attempt to fill out their page and make it look more convincing.
- Messages and posts contain spelling errors and odd phrasing. Many scammers will not be in the same country as you and may even be using an online translating service. While this isn’t conclusive evidence of a scam, it should raise your suspicions.
- An Instagram user wants you to click on a link. When sending links — be it news, music, or video clips — people tend to use apps like Facebook Messenger and WhatsApp instead of Instagram, as these platforms are better optimized for URL sharing. If an unknown account sends you a link, it’s almost certainly a scam.
- You see an offer that seems too good to be true. It probably is! This red flag applies to any website or social media platform, but especially Instagram. It’s common for scammers to set up pages that claim to be giving away free Apple technology, like iPhones and MacBooks, and they might even create fake Instagram scam accounts to leave enthusiastic comments on their posts. Don’t fall for it!
What to do if you were scammed on Instagram
Was your Instagram hacked? You can still take several steps to keep yourself safe and to limit the risks to other people.
- Change your passwords. Changing your password is a must if you think you’ve been scammed. If you’re not sure how the scam was carried out, there’s a possibility that it involved someone bypassing your password information, either because your login details were leaked somewhere or because they were too simple.
- Let your friends and family know. It’s very likely that a hacker who has accessed your account will attempt to launch further attacks on your contacts and followers. If you have access to your account, post a story or a permanent upload warning people of the risks and telling them to disregard any unusual messages from you.
- Report! If you’ve been scammed or targeted by a specific account, it’s worth knowing how to report an Instagram scammer. You can do this by going to the scammer’s profile, clicking the three dots in the upper right corner, and selecting “Report” from the menu. You can also encourage people you know to do the same. The more people who report the scammer, the more likely Instagram will notice.
- Contact your bank. If the scammer has caused you financial losses or if you have concerns that they might have, contact your bank immediately. The bank’s fraud team may be able to recover or block certain transactions. Even if it’s too late, they can still offer advice on the steps needed to protect your bank account going forward.
How to protect yourself from scammers
Here are three simple rules to follow to protect yourself from Instagram scammers in the future.
- Use strong passwords. Using strong passwords is incredibly important because a weak password can allow hackers to access your account in seconds. Use a long, complex password, or get a password manager, which can generate hard-to-crack login details. And if possible, set up two-factor authentication on your account for added protection.
- Be wary of direct messages. If you receive a message that asks you for personal information or to click a link, be on your guard! Check the page carefully for signs that it’s fraudulent. If the sender claims to be from a company or to represent a public figure, look up the official account and make sure it’s the same one that messaged you (scammers on social media often try to create fake clones of real profiles).
- Keep your Instagram profile private. Allowing anyone to view your page is always a risk because the more information a scammer has about you, the easier it is for them to target you with convincing phishing attacks or to steal your identity. We strongly advise that you set your profile to private and avoid putting personal information in your bio.