Scammers take to Instagram
By Digital News Asia November 26, 2012
- Begins with users receiving a notification about an Instagram comment from an unfamiliar account
- Good news is that global spam rate dropped by more than 10% in October compared with September
THE October Symantec Intelligence Report finds that scammers are taking advantage of Instagram’s popularity which has recently crossed the 100-million user mark. The scammers are approaching it from a variety of angles, in much the same way as they have on other social networks, Symantec said in a statement.
It all began with users receiving a notification about an Instagram comment. It came from an unfamiliar account, had nothing to do with the photo, and was obviously spam:
The user appeared to be a rather attractive woman with followers in the thousands, but surprisingly for a photo-sharing service, not a single photo (click to enlarge).
Her profile bio said largely the same thing as the comment she left, but also included a shortened URL. What was interesting about this spam, setting it apart from similar comment in a blog, was that the link resided on the profile rather than in the spam message. It even included explicit instructions about visiting the profile and opening the link.
This could be due to URL monitoring carried out by Instagram, which could automatically remove a suspicious link if it was included in a comment, Symantec said.
The link ended up pointing to a premium mobile service that offered videos of cute animals for only €4.50 per month. To avail of this service, all users had to do was give their phone numbers.
Users then receive a sudden surge of followers in a short period of time. All of these new followers have a few things in common:
- They are all “women” with attractive profile pictures.
- None of them had posted any photos.
- Their profile Bios includes a quote, followed by a shortened URL
While the shortened URL was different in each profile, they all lead to the same location – an advertisement for fake jobs working in social media. All you had to do to “Get Paid $250/Day To Mess Around on Facebook And Instagram” was give them your name and email address.
This type of spam could lead to phishing scams, Symantec said. What’s disconcerting is that each profile had followers in the thousands.
This is likely due to the “call and response” nature of many social networks: you follow me and I’ll follow you. Each account was following far more profiles than were following it, further supporting this idea.
It’s important to note that Instagram isn’t alone when it comes to scams like these, and most social networks have methods to deal with them. Posting spam clearly violates Instagram’s community guidelines and accounts found guilty of doing so are quickly disabled.
Symantec recommends the following best practices to help users stay safe:
- Set your account to Private. This way you have control over who follows you and who doesn’t.
- Don’t follow arbitrary followers. If you suspect an account isn’t real, ignore it.
- Don’t click shortened URLs unless you know where they lead.
- Optional: Don’t follow or accept followers without photos. The exception to this rule is if you know the person. Some people do like to view photos, but don’t like to take them.
- Finally, report any suspicious accounts or comments to Instagram and follow their Privacy & Safety guidelines.
The October Symantec Intelligence Report also highlights a significant drop in email spam volumes in the month. The global spam rate has dropped by more than 10%, from 75% of email traffic in September, down to 64.8% in October.
In addition, the report also takes a look at the evolution of ransomware and discusses the rising numbers seen in the wild and the incorporation of new techniques. For details, please refer to the full report.
Other highlights
Malaysia is seeing a similar declining trend in October 2012 with a decrease of spam in email traffic by 10.2 percentage point to 65% from September 2012 (click chart on right to enlarge).
The global ratio of email-borne viruses in email traffic was one in 229.4 emails (0.44%) in October, a decrease of 0.04 percentage points since September.
Malaysia is seeing a similar declining trend as the global ratio of email-borne viruses in email traffic in October 2012, with a decrease to 1 in 444.5 emails in October 2012 compared to 1 in 369.8 in September 2012 (click chart on left to enlarge).
Phishing: In October, the global phishing rate decreased by 0.059 percentage points, taking the global average rate to one in 286.9 emails (0.35%) that comprised some form of phishing attack.
Web-based malware threats: In October, Symantec Intelligence identified an average of 933 websites each day globally harboring malware and other potentially unwanted programs including spyware and adware; an increase of 19.2% since September.
Endpoint threats: For much of 2012, variants of W32.Sality.AE and W32.Ramnit had been the most prevalent malicious threats blocked at the endpoint globally.
Variants of W32.Ramnit accounted for approximately 13.6% of all malware blocked at the endpoint in October, compared with 6.9% for all variants of W32.Sality.