Back to Back Issues Page
Watch For Scams Newsletter. Verified badge scam
July 09, 2019
Hello

Verified Badge Scam

Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.

If you like this ezine, do a friend a big favor and forward this to them. If a friend forwarded this to you, and if you like what you read, please subscribe by visiting the link below: Subscribe Here

Verified Badge Scam

A common scam surfacing now is a phishing campaign that lures Instagrammers with a ‘verified’ badge. A ‘verified’ badge – that little blue check on one’s profile page – is quite coveted. News reports say just about one percent of Instagram users have undergone the verification process, giving exclusivity to the verification checkmark. Scammers promising to provide one with a ‘verified’ badge lure Instagram users and phish their login credentials away.

In order to obtain these checkmark symbols, page owners must meet a list of various requirements and undergo a verification process with their social media provider and when combined, all of these factors can lead someone to ignore the warning signs and fall victim to phishing attempts. Recently there was a page which masquerades as a real Instagram Verification submission page, and the phishing page urges visitors to click ‘Apply Now’, taking them to a series of phishing forms on the phishing domain instagramforbusiness[.]info.

After submitting each form, the login information is sent via email to the hackers, giving them access to the victim’s social media page.

The popularity of the service and the naivete of the users have made Instagram a hotbed of scams. Scammers are cynically exploiting people’s charitable instincts by pretending to send aid to Sudan in exchange for clicks so that they can accumulate followers with people aged 20-30 years being the susceptible targets.

Popularity in Instagram also makes your profile a treasure trove for data hunters. Recently a database of Instagram influencers was left exposed and without a password allowing anyone to view the information. Each record contained public data scraped from influencer Instagram accounts.

In 2017, a group of hackers harvested the contact details of the most popular six million Instagram accounts and sold the data on the Internet. Instagram conceded that there was a security lapse, though it did not specify the number of users affected.

The best defence is good hygiene with passwords and devices security. In particular, invest in a password vault and keep strong, unique passwords by site.

It is worth spending a little more time validating the legitimacy of a website before submitting any personal information.

Phishing scams are often socially engineered to either scare the recipient into taking immediate action, such as clicking on a link or downloading an attachment, or to steal user credentials with the promise of something appealing, such as a free phone or, indeed, a "verified" blue checkmark on Instagram.

If you believe you have been a victim of this type of scam you should promptly report it to the IC3's website at www.IC3.gov. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

Remember - always watch for scams!

Steve

Back to Back Issues Page