Symantec have warned Instagram users of scammers who are hacking accounts and altering profiles with sexually suggestive imagery. The imagery is being used by the hackers to lure users to adult dating and porn spam.
This latest hack follows an influx of fake Instagram accounts seen earlier in the year. Symantec reported how fake profiles using stolen images from legitimate profiles were being used alongside different methods of interaction to lure Instagrammers to click on links to adult dating sites.
Commenting on the attraction of sites like Instagram to hackers, Nick Shaw, EMEA Vice President and General Manager at Norton by Symantec, said:
“Scammers are naturally attracted to large online communities and with 500m monthly active users, Instagram makes a prime target for maximum impact. The influx of affected Instagram accounts identified by Symantec's Response team showcases a scenario when a hack could not only compromise your account but also damage your online reputation through profile alterations.”
In this most recent hack, Symantec observed a number of common traits of the hacked accounts. These included modified user names, different profile image, different full name, different bio, different profile link and new photos uploaded.
The fake profile, which displays a profile image of a woman no matter the gender of the real user, points users to visit the profile link – the link to the adult site.
Although the scammers upload sexually suggestive pictures, they do not delete any images uploaded by the real account owner.
However, of huge concern is the fact that that the hackers are also changing the passwords of the breached accounts – a way many are learning that their accounts have been compromised.
Symantec remain unclear as to how the scammers are hacking Instagram accounts, but do suggest that weak passwords are to blame. The security firm recommend users enable two-factor authentication and alert Instagram if your account has been hacked.
Warning UK users of the likelihood of attack, Symantec’s Shaw said: “Concerning statistics from our 2015 Internet Security Threat Report, revealed that the UK is the second most targeted country globally for social media scams.
"Therefore, to stay safe when using Instagram, you should turn on your two-factor authentication, which would automatically send a verification code to your mobile device when you try to log in from an unrecognised device. However, if you have been a victim of a hack or have identified an account that might have been compromised you shouldn’t remain passive and immediately report this.”