Account security is always a concern when you put any kind of personal information out on the web. But a new generation of scammers is emerging, using a particularly devious combination of social engineering, cryptocurrency, and old-fashioned blackmail. The scam is becoming more common on Instagram, where popular account holders are targeted and forced to assist in swindling their followers with fake videos.
The technique is chronicled in a report by Motherboard. There are a few variations, but it essentially boils down to three steps. First, a malefactor gets ahold of an Instagram user’s account information, either via sending a phishing link with a fake login page or by finding a reused password from one of the near-constant security breaches already available. Then the thief contacts the account holder and forces them to record a video of themselves, recommending their followers invest money with “a friend.” The video claims that you can quickly triple your investment via Bitcoin or other get-rich-quick schemes. The criminal promises to return control of the account to its rightful owner upon completion. The victim posts the coerced video with a payment link, their followers are swindled out of huge sums of money via cryptocurrency or purchases or simple money transfers, and the criminal disappears — generally without returning the Instagram account.
This new form of socialized theft is particularly distressing, as it forces the victim to become an active participant in stealing from their followers. While there’s no real-world equivalent, you might compare it to a mugger jumping you in an alley and forcing you to go home and stick up your friends and family, then returning with the proceeds.
With Bitcoin and other cryptocurrencies currently receiving a shot of legitimacy via national advertising campaigns from crypto exchanges, not to mention constant news of crypto booms in economic circles, it’s no wonder that social media users are particularly ripe targets. Combining that opportunity with forced endorsements from victims, and taking advantage of Instagram’s sometimes labyrinthian account recovery systems, is proving a particularly nasty and effective technique.
Check out Motherboard’s full report for more details on how this scam works. The best way to protect yourself is to stay vigilant against phishing techniques, enable two-factor authentication, and to use password discipline, never repeating login credentials from one website to another. An easy way to up your personal security online is to start using a password manager.