If an account slides into your DMs saying you’ve won a competition or that you should check out a way to make money quickly, or is offering some kind of promotional collaboration, then it’s probably too good to be true. (You should delete the messages and report the scam.)
“When it comes to spotting a scam on Instagram, people should look out for messages asking you to click on a link, even if they appear to come from a friend, a trusted brand, or Instagram itself,” Barker adds. Scam messages often include typos, poor English, or want you to click on a link taking you away from the app. They often also come from recently created accounts.
Scammers have been spotted using Instagram’s logo and branding to send tech, verification, or security support messages to people via DMs. These are all fakes. Instagram says it will never send you direct messages about your account. (You can see official emails from Instagram in the app’s settings.) “Look out for posts about giveaways, gift cards, and investment schemes, as these are common tactics for criminals,” Barker says. If a brand is contacting you from an unverified account, you should be very cautious about replying.
Scams also come through Instagram Stories. “Fraudsters abuse the Instagram Stories feature, posting scams there that autodelete after 24 hours,” says Chris Boyd, lead malware intelligence analyst at cybersecurity firm Malwarebytes. “The scam is hidden behind their profile picture; you won’t see it in the main collection of images,” Boyd says, adding that this move helps to keep the scam away from Instagram feeds and automatically vanish, making it harder to detect.
While competition scams and attempts to access people’s accounts aren’t new, Instagram has also seen a rise in “hostage-style” scams, where people are forced to post videos telling people to invest in bitcoin or other cryptocurrencies to get their hacked accounts returned. Multiple Instagram users, as reported by VICE, have been pressured into recording videos after their accounts were hacked. Other people report losing thousands to Instagram scammers. The incidents highlight why you shouldn’t trust every account you follow.
“Cryptocurrency scams are quick methods to whisk users away from the relative safety of the Instagram platform and onto trading sites where Instagram can’t help,” Boyd says. “Extortion-driven cryptocurrency endorsements are a smart move on the part of the scammer. Leveraging people you know and trust in visual mediums to promote something is always going to be more convincing than a random email.”
How to Avoid Getting Scammed
There are things you can do to avoid getting hacked and the worst scams—these are a mixture of security settings and slight behavioral tweaks. Thankfully the process isn’t too complicated, and small changes can make a big difference.
First, as mentioned earlier, you should avoid clicking on links that are sent to you, especially from accounts that you don’t know personally, or if someone you know sends a URL that seems out of character. “Following an account for many months still may not make it an authentic account,” Moore says.