Instagram's verified badge is a way to show users that the account in question is an authentic presence of a public figure, celebrity or brand. According to Instagram, in order to request a verified badge for your Instagram profile, you must be a public figure, celebrity or brand and meet certain account and eligibility requirements.
Having this badge can open up a world of opportunities, but there's a dark side to verification: scammers are using it to trick people out of their money. Verification services promise to get you verified by Instagram. They'll even guarantee it.
Instagram launched a public verification-request form in 2018, causing the number of verified users to skyrocket. According to Instagram, “The verified badge is a tool to help people find the real accounts of public figures and brands, and it means that we have verified that this is a notable and authentic Instagram account.”
Over time, the verified badge became a symbol of status, importance, and influence. This hunger for the symbol has spawned a new Instagram phishing scam, promising unique, verified account status in exchange for personal information and/or money.
How Do Hackers Scam Users with Fake Instagram Verification?
The fraud revolves around Instagram's verification system, which uses a blue tick to imply that the account owner is a famous figure, celebrity, or worldwide business. According to analysts, scammers attempt to abuse this system through a new phishing scam targeting the social media platform.
Victims get lured to sites promising verified status badging. Once they click the 'apply now' button, they are sent to a series of phishing forms, which ask for their Instagram login details, and email and password validation. The attackers steal the victims' login credentials and gain unlawful access to their social media accounts.
Though Instagram uses anti-fraud techniques to detect unusual account logins, it does not yield the desired results. For example, if Instagram detects a suspicious login using fingerprinting, it prompts users to give their login details. However, as this scam targets the related email login credentials, hackers can reset and verify the ownership of the victims' accounts.
How Hackers Use Stolen Accounts
They can use the account for their business. The hackers can modify the account's name to anything that sounds like Instagram's tech help and use the account's large following to establish credibility.
Hackers can demand indecent content from the victim. Hackers can use this information for extortion, selling, or catfishing on online dating services.
By snooping on the victim's contacts, hackers can assume the victim's identity and contact the victim's connections to deliver phishing links or request money directly.
How to Protect Yourself Against Fraudulent Instagram Verification Services?
Don’t give away personal information:
Asking for bank account details or requesting personal information are tell-tale signs of scammers. Proceed with care if you've received any suspicious direct messages or emails.
Only trust verified accounts: Big businesses invariably link all their official social media accounts. If a user/business has not linked their accounts, there is a high probability of fraud.
Use 2FA: Incorporate two-factor authentication as an additional checkpoint for account logins. This step necessitates the user to log in after confirming their identity by using another account or device. Text messages, emails, in-app prompts, biometrics, and even a USB key are examples of 2FA.
Reset your password: If you believe a hacker is attempting to obtain access to your account, reset your password to be secure.
As Instagram's verified badge becomes more coveted, verification scams continue to pose a threat. Users need to be aware of these scams and take measures to protect themselves. Verified users should also use caution when interacting with unverified accounts, as these may be attempts to scam them.