Advice Request Potential hacker trying to hack my Instagram?

Please provide comments and solutions that are helpful to the author of this topic.

amirr

Level 27
Thread author
Verified
Top Poster
Well-known
Jan 26, 2020
1,632
Here is the conversation I had with a scammer that told me to send an screenshot with the link I got in an SMS. They hijacked a legit Instagram account of someone.

Scenario: The scammer posts a Instagram post asking a question and saying winners get $500. I did give a correct answer and she asked me to write her in DM.
Then she asked me my CashApp tag. I did write that to her.
Here are the rest of conversation in the screenshot below.
Interestingly, I got SMS on my phone, where its associated on my Instagram with the link. I don't know how she got the number, but I did not give out the number.
I wanted to know if this hacker is a skilled one or not?
Thanks.


1648580509827.png
 

Shadowra

Level 32
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,152
Never respond to this type of publication.
Either it sends you a phishing page, or you should send an SMS to a premium rate number.
Even worse with some that ask for a code to subscribe to dubious sites!

An advice, block this person and report it 😉
And delete any sms or other
 

amirr

Level 27
Thread author
Verified
Top Poster
Well-known
Jan 26, 2020
1,632
I did report within the Instagram application.
I deleted the SMS without clicking on the link.

Is there a way to facilitate the report process, for example to submit an online form in the support section of Instagram?
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,962
AFAIK, you should be safer when you setup 2FA via 3rd-party app like Authy or even Microsoft Authenticator. I'm using on mobile the latter, for me no scam on Instagram so far...
2FA per SMS is always a higher risk, Not recommended!

"How do I turn two-factor authentication on Instagram..." => https://help.instagram.com/1124604297705184
 

amirr

Level 27
Thread author
Verified
Top Poster
Well-known
Jan 26, 2020
1,632
I have 2FA enabled via phone, which is a Google Voice virtual number.
By the way, is Microsoft Authenticator better than the Google Authenticator? Thank you.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,962
I have 2FA enabled via phone, which is a Google Voice virtual number.
By the way, is Microsoft Authenticator better than the Google Authenticator? Thank you.

I chosen Microsoft Authenticator for main reason of updates frequency on mobile iOS, probably offers also more features...
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
322
Also make sure to use an password manager (I personally use Bitwarden) to generate and save strong and randomzied passwords across all your accounts.
 
  • Like
Reactions: amirr
F

ForgottenSeer 94654

Scenario: The scammer posts a Instagram post asking a question and saying winners get $500. I did give a correct answer and she asked me to write her in DM.
Then she asked me my CashApp tag. I did write that to her.
Why would you even participate when you should already know that nobody gives away $500 for you simply answering a question correctly? These scams have been on Instagram for over 10 years, and yet people still fall for them.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Here is the conversation I had with a scammer that told me to send an screenshot with the link I got in an SMS. They hijacked a legit Instagram account of someone.

Scenario: The scammer posts a Instagram post asking a question and saying winners get $500. I did give a correct answer and she asked me to write her in DM.
Then she asked me my CashApp tag. I did write that to her.
Here are the rest of conversation in the screenshot below.
Interestingly, I got SMS on my phone, where its associated on my Instagram with the link. I don't know how she got the number, but I did not give out the number.
I wanted to know if this hacker is a skilled one or not?
Thanks.


View attachment 265340
You're thinking it backwards... Clicking on the verification link would be harmless. BUT screen shotting the link to the scammer would enable them to use the one-time link to take control of your account. You narrowly dodged a bullet.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,670
I have 2FA enabled via phone, which is a Google Voice virtual number.
By the way, is Microsoft Authenticator better than the Google Authenticator? Thank you.
Microsoft Authenticator has the benefit of a cloud backup. This is beneficial if something happens to your phone. If you use google Authenticator and lose your phone you better hope to whatever you believe in that you have all your backup codes for each account.
 

amirr

Level 27
Thread author
Verified
Top Poster
Well-known
Jan 26, 2020
1,632
Why would you even participate when you should already know that nobody gives away $500 for you simply answering a question correctly? These scams have been on Instagram for over 10 years, and yet people still fall for them.
I thought its legit. I had no idea the legit account of an artist on Instagram would be hijacked! I also needed money.
 

amirr

Level 27
Thread author
Verified
Top Poster
Well-known
Jan 26, 2020
1,632
You narrowly dodged a bullet.
You said it perfectly. But how come I did narrowly dodge a bullet? By not sending the screenshot you mean?
And how did I get a verification link in the SMS? Yes, the mobile number I used as a 2FA, but I wanted to know what the hacker did in order for me to get a link from Instagram?
 

amirr

Level 27
Thread author
Verified
Top Poster
Well-known
Jan 26, 2020
1,632
Microsoft Authenticator has the benefit of a cloud backup. This is beneficial if something happens to your phone. If you use google Authenticator and lose your phone you better hope to whatever you believe in that you have all your backup codes for each account.
Thanks, then I will switch to Microsoft Authenticator.
Can I export what I have in the Google Authenticator, to the Microsoft Authenticator?
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
719
I thought its legit. I had no idea the legit account of an artist on Instagram would be hijacked!
Legit accounts of "celebrity's" get hijacked all the time and often used for scam. Trust no celebrity account for any giveaway without thinking twice (at least) about it.
Nobody gives random internet stranger free money.
 
F

ForgottenSeer 94654

I thought its legit. I had no idea the legit account of an artist on Instagram would be hijacked! I also needed money.
Accounts are take-over daily on all social media.

And once again, nobody gives away $500 for just giving the correct answer to a question. What average artist has $500 to give away to everybody who can provide the correct answer to a question? That is a recipe for them to go bankrupt, if they had the $500 in the first place.

Money prizes are the bait. And you are the intended victim.

Trying to get money by doing what you're doing - by searching social media and particpating in money "prizes", you're likely to get hacked or have your identity stolen.

And you are the exact profile of person that hackers and scammers look for - "I need the money" so you justify your actions.
 
Last edited by a moderator:

amirr

Level 27
Thread author
Verified
Top Poster
Well-known
Jan 26, 2020
1,632
Trying to get money by doing what you're doing - by searching social media and particpating in money "prizes", you're likely to get hacked or have your identity stolen.
Yes, I never do that. I only came across to that scam, within a hijacked Instagram account
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top