How Scammers Hijack Your Instagram


Authored by Vignesh Dhatchanamoorthy, Rachana S

Instagram, with its huge user base and dynamic platform, has become a hotbed for scams and fraudulent activities. From phishing attempts to fake giveaways, scammers employ a range of tactics to exploit user trust and vulnerability. These scams often prey on people’s desire for social validation, financial gain, or exclusive opportunities, luring them into traps that can compromise their personal accounts and identity.

McAfee has observed a concerning scam emerging on Instagram, where scammers are exploiting the platform’s influencer program to deceive users. This manipulation of the influencer ecosystem underscores the adaptability and cunning of online fraudsters in their pursuit of ill-gotten gains.

Brand Ambassador and influencer program scams:

The Instagram influencer program, designed to empower content creators and influencers by providing opportunities for collaboration and brand partnerships, has inadvertently become a target for exploitation. Scammers are leveraging the allure of influencer status to lure unsuspecting individuals into fraudulent schemes, promising fame, fortune, and exclusive opportunities in exchange for participation.

The first step involves a cybercrook creating a dummy account and using it to hack into a target’s Instagram account. Using these hacked accounts, hackers then share posts about Bitcoin and other cryptocurrencies. Finally, the hacked accounts are used to scam the target’s friends with a request that they vote for them to win an influencer contest.

After this sequence of steps is complete, the scammer will first identify the target and then send them a link with a Gmail email address to vote in their favor.

Fig 1: Scammer Message

While the link in the voting request message likely leads to a legitimate Instagram page, victims are often directed to an Instagram email update page upon clicking, not the promised voting page. Also, because the account sending the voting request is likely familiar to the scam target, they are more likely to enter the scammer’s email ID without examining it closely.

During our research, we observed scammers sending Instagram’s Accounts Center link to their targets, like the one below: hxxp[.]//

Fig 2. Email Updating Page

We took this opportunity to gain more insight into the details of how these deceptive tactics are carried out, creating an email account and a dummy Instagram account using that email for testing purposes.

Fig 3. Victim’s Personal Details

We visited the URL provided in the chat and entered our testing email ID instead of entering the email address provided by the scammer, which was “”

Fig 4. Adding Scammer’s Email Address in Victim Account

After adding the address in the email address field, we received a notification stating, “Adding this email will replace on this Instagram account”.

This is the point at which a scam target will fall victim to this type of scam if they are not aware that they are giving someone else, with access to the email address, control of their Instagram account.

After selecting Next, we were redirected to the confirmation code page. Here, scammers will send the confirmation code received in their email account and provide that code to victims, via an additional Instagram message, to complete the email updating process.

In our testing case, the verification code was sent to the email address

Fig 5. Confirmation Code Page

We received the verification code in our account and submitted it on the confirmation code page.

Fig 6. Confirmation Code Mail

Once the ‘Add an Email Address’ procedure is completed, the scammer’s email address is linked to the victim’s Instagram account. As a result, the actual user will be unable to log in to their account because of the updated email address.

Fig 7. Victim’s Profile after updating Scammer’s e-mail

Because the scammer’s email address was updated, the account owner (the scam victim) will not be able to access their account and will instead receive the message “Sorry, your password was incorrect. Please double-check your password.”

Fig 8. Victim trying to log in to their account.

The scammer will now change the victim’s account password by using the “forgot password” function with the new scammer email login ID.

Fig 9. Forgot Password Page


The password reset code will be sent to the scammer’s email address.

Fig 10. Password reset token received in the scammer’s email

After getting the email, the scammer will “Reset your password” for the victim’s account.

Fig 11. Scammer Resetting the Password

After resetting the password, the scammer can take over the victim’s Instagram account.

Fig 12. The scammer took over the victim’s Instagram account.
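
The takeover sequence described above (contact email replaced, owner locked out, password reset delivered to the new address) leaves a recognizable trail that a platform or security team could correlate. The following is an added example, not code from McAfee or Instagram; the event schema, field names, sample events, and the 24-hour window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical audit-log schema (not Instagram's).
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "account": "victim_a", "type": "email_replaced",
     "new_email": "scammer@example.com"},
    {"ts": "2024-05-01T10:04:00", "account": "victim_a", "type": "login_failed"},
    {"ts": "2024-05-01T10:09:00", "account": "victim_a", "type": "password_reset",
     "sent_to": "scammer@example.com"},
    # Benign: owner changes email, resets password more than a week later.
    {"ts": "2024-05-01T11:00:00", "account": "user_b", "type": "email_replaced",
     "new_email": "b.new@example.com"},
    {"ts": "2024-05-09T09:00:00", "account": "user_b", "type": "password_reset",
     "sent_to": "b.new@example.com"},
    # Benign: password reset with no preceding email change.
    {"ts": "2024-05-02T08:00:00", "account": "user_c", "type": "password_reset",
     "sent_to": "c@example.com"},
]

def find_takeover_pattern(events, window=timedelta(hours=24)):
    """Flag accounts whose contact email was replaced and whose password was
    then reset through that same new address within `window`."""
    alerts = []
    pending = {}  # account -> [time of change, new email, failed logins since]
    for ev in sorted(events, key=lambda e: e["ts"]):
        when = datetime.fromisoformat(ev["ts"])
        state = pending.get(ev["account"])
        if ev["type"] == "email_replaced":
            pending[ev["account"]] = [when, ev["new_email"].lower(), 0]
        elif state is None:
            continue  # no recent email change on this account
        elif ev["type"] == "login_failed":
            state[2] += 1  # owner locked out after the change: corroborating signal
        elif ev["type"] == "password_reset":
            changed_at, new_email, failed = state
            if ev["sent_to"].lower() == new_email and when - changed_at <= window:
                alerts.append({"account": ev["account"], "email": new_email,
                               "minutes_after_change": int((when - changed_at).total_seconds() // 60),
                               "failed_logins_between": failed})
    return alerts

if __name__ == "__main__":
    for alert in find_takeover_pattern(EVENTS):
        print(alert)
```
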

To protect yourself from Instagram scams:

  • Be cautious of contests, polls, or surveys that seem too good to be true or request sensitive information.
  • Verify the legitimacy of contests or giveaways by checking the account’s authenticity, looking for official rules or terms, and researching the organizer.
  • Avoid clicking on suspicious links or providing personal information to unknown sources.
  • Enable two-factor authentication (2FA) on your Instagram account to add an extra layer of security.
  • Report suspicious activity or accounts to Instagram for investigation.
  • If any of your friends ask you to help them, contact them via text message or phone call first, to make sure that their account has not been hacked.