What happened is that people are using social engineering to take over users’ IG accounts: they send the user a link to a phishing site, lure them into keying in their account credentials, and so obtain their login info.

What Is Phishing?

For those who don’t know what phishing is: https://www.phishing.org/what-is-phishing. In short, it’s a cybercrime in which attackers lure users to a website that looks like a real website they have visited. Because the site looks exactly like the one they usually log in to, users key in their username & password at the fake site, and their credentials are collected by the person who built it.

What Type of Account They are Targeting

Phishing usually happens on banking websites, but it has expanded to target other kinds of accounts such as email, social media and gaming accounts.

Why Do They Do So?

There are several reasons why they do it. If it is banking related, the aim is always to scam your bank account balance. If it is email or social media, it is most likely to blackmail you, and they always demand a ransom before they release your account. Some will use your email to carry out spam or scam activities: https://www.bravonet.my/2020/04/25/why-is-your-corporate-email-went-into-recipients-junk-box/

If you’ve accidentally exposed your credentials to a phishing site, the first thing the attackers will do is change your password if they are able to, but today’s security practices make that harder for hackers since OTP (one-time password) technology has been introduced.

The Blue Tick Scam on Instagram

Many scammers/hackers are trying to scam IG users (especially those with lots of followers) by sending the victims a DM claiming that they are the team that will help verify their IG account and grant blue tick verification.

For those who don’t know what the blue tick is, it was introduced by Facebook to verify account owners and mark an account as genuine, after so many imposter accounts began circulating.

Currently there are tons of tutorials claiming to offer a guaranteed way to get a blue tick for your FB or IG account, but the actual process is listed on IG’s help page https://www.facebook.com/help/instagram/854227311295302 (some people just forget to do a Google search). FYI, there are certain requirements to have your business account verified before you can proceed with the registration.

Below is one example of how scammers/hackers try to do this

The page owner is the founder of one of the well-known makeup artist companies in Malaysia: https://www.instagram.com/ymcheokmakeup/. Out of the blue she received a DM from a stranger pretending to be a representative from IG performing blue tick verification.

Over several conversations, they lured the owner into keying in her username and password on a fake website called bluetickoffice.com. The UI looks like the official FB & IG sites, and those who aren’t aware will fall into the trap and key in their credentials as usual.

Once the account owner had filled it in, the next minute she was logged out and could no longer log in.

Fortunately for the owner, the hacker didn’t manage to change the account’s mobile number, as that requires an OTP. Since she couldn’t log into her account, she tried to reset her password, but with no luck, as the hacker had changed her email as well.

Since her number had not been changed, we were able to help her reset her password again by identifying her phone number. Luckily, she managed to get her account back.

After an incident like this, it’s very important to secure your social media account by enabling security settings such as 2FA: https://help.instagram.com/566810106808145
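The fake site in this case was given away by its address, not its appearance. As an added example (not part of the original post), here is a small Python check that decides whether a link received in a DM really points at an official host; the list of official domains is an assumption taken from the links on this page, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the official sign-in domains, taken from the links on this page.
OFFICIAL_DOMAINS = ("instagram.com", "facebook.com")

def check_login_link(url):
    """Return (is_official, reason) for a link received in a DM or e-mail."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host name in link"
    # Internationalised names (raw non-ASCII or punycode "xn--" labels) can
    # imitate an official name letter for letter, so they are never accepted.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host, not an official domain"
    # The host must BE an official domain or a subdomain of one.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    # Official name present only as decoration (userinfo, left-hand label, path).
    brands = [d.split(".")[0] for d in OFFICIAL_DOMAINS]
    if any(b in url.lower() for b in brands):
        return False, "official name appears, but the real host is " + host
    return False, "unrelated host: " + host

if __name__ == "__main__":
    # Constructed sample links; only the domain names come from the page.
    samples = [
        "https://help.instagram.com/566810106808145",
        "https://bluetickoffice.com/verify",
        "https://instagram.com@bluetickoffice.com/login",
        "https://instagram.com.bluetickoffice.com/",
        "http://www.instagram.com/",
    ]
    for link in samples:
        ok, why = check_login_link(link)
        print("OK   " if ok else "BLOCK", link, "->", why)
```

The check looks only at the host the browser will actually connect to, so a page that copies the official UI perfectly still fails it.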