Have you been hit with the “I’m running for an ambassadorship position in an influencer program” scam on Instagram yet? It’s a scheme in which one of your Instagram “friends” asks you to help them by voting for them on a fake competition—and the scammers are getting more elaborate in their attempts to dupe people.
The risk comes in the voting: The scammer will ask you to vote by sending you a personalized link…which is actually a reset password URL for your account. The scammer will ask you to send them back a screenshot of the link but not to click on it. If you comply, they will manually input the URL on their end and gain access to your account, at which point they can reset your password, lock you out, and repeat the process with your friends and family.
How is the scam evolving?
As people catch on to scams, the perpetrators have to change things up. Recently, victims have been duped into the same situation via different methods. Some scammers are now using information they can gather from your public profile to build rapport with you.
These scammers could be your friends who have already been hacked, or someone who follows a couple of your friends, so you might think you know them from somewhere. If your photos indicate you’re a Muslim, they’ll greet you with “salam.” If you post pictures of your kids, they’ll ask you how they’re doing. If you’re a nurse, they’ll ask how questions about the workload at your clinic.
Having gained your trust, the scammer will ask you to input an email address they’ve sent you into your account settings, supposedly because that’s how the “ambassador program” will “confirm your vote.” But if you do this, you’re essentially giving them complete control over your account, as they will be able to use that email to send themselves a password reset link—and quickly lock you out. They can then repeat the process with your contacts while pretending to be you.
How to avoid the Instagram “voting” scam
Use two factor identification
Setting up two-factor identification is a great way to put another hurdle between your account and the scammers eager to breach it. If they attempt change your password while you have two-factor identification set up, they would also have to ask you for the code you’ll sent via email or text. And we all know better than to share our personal two-factor IDs with anyone, right?
Never send screenshots
This one was new to me—I didn’t know scammers would be able to send links that only generate on your side of the chat. But now I know: Never send screenshots with links or personal information to anyone you don’t 100% trust.
Never input an email that isn’t yours into your account settings
This one seems too obvious, but that’s what everyone thinks right before they fall victim to a scammer. Certainly it’s suspicious from the get-go, and if anyone asks to switch your account email to one that is not yours, for any reason, run far away (metaphorically).
Don’t use third party apps
When everyone else is using the trendy new apps that integrate with Instagram to see how they will look when they’re 80 years old, resist the inclination to join them. It’s best to never allow third party apps access to your Instagram account unless you are absolutely sure you can trust them not to steal your info or mess with your account settings.
Be suspicious of “friends” asking you to do things over private messages
I understand we all want to help our friends become Insta-famous so one day they can repay us the favor with an invite to Fyre Festival 2.0, but don’t act too quickly. If one of your friends is asking you to do something that seems off-brand, contact them through other means, like via a text message or Facebook, to make sure they haven’t been hacked first. You’ll be doing both of you a favor.
More from Lifehacker