
Instagram accounts frozen with threat of ransom

Avast Security News Team, 3 October 2018

Learn how to avoid falling victim to the current Instagram threat or any social attack.

Not a pretty picture: A current threat actively terrorizing Instagram users is shutting down high-profile accounts. A recent string of cyberattacks targeting popular influencers — some with over 100,000 followers — has account-holders alarmed, while the social media company itself has not yet commented.

The hackers gain access to the accounts through a phishing scam posing as a potential business partnership. The victims receive an email containing a proposal to work together and a link to what the sender claims is their own Instagram site. When the victims click the link, they are taken to a phony Instagram login page, designed to capture all entered credentials. Once the victim “logs in,” the hackers have the username and password.

The hackers then use the stolen credentials to log in to the influencer’s account. To be clear, what’s going on behind the scenes is that the criminal is simply locking the user out of his or her own account, and then demanding a ransom in Bitcoin to regain access. The requested ransoms have been fairly low — one case was $110, another was $122. Panicked at losing the following they had built up over time, some victims paid the ransom, but to no avail. The ransomers did not restore access to the accounts.

While it sounds like yet another upsetting attack on our daily social lives, Avast Security Evangelist Luis Corrons points out that there’s an easy solution to ward off such cyber thugs: “These attacks can easily be avoided by enabling two-factor authentication,” he explains. “I believe that well-established social media companies should in fact enable 2FA by default; this alone would decrease the number of hacked accounts to almost zero.” Corrons goes on to say that today’s technology offers a number of non-intrusive two-factor authentication systems that increase the security of our accounts without being a nuisance for users.

“Every one of my accounts, from Facebook to Twitter, LinkedIn to Google, has two-factor authentication enabled – and it’s nearly transparent in use. In fact, I could publish my passwords on the web for all to see and people would still not be able to log into my accounts due to the extra layer of security that 2FA provides.”

To make sure you are never the hapless victim of ransomware, Avast recommends:

  1. Enable two-factor authentication whenever possible — As Corrons recommends, 2FA is an easy, friendly, and low-hanging security technology that you can turn on with the click or tap of a toggle button. Do it – and here’s how to enable it for Instagram.

  2. Think twice before clicking — Instead of clicking on links in emails, close the email and enter the intended website “through the front door,” as it were. For example, if an email claiming to be an Instagram entity invites you to click a link to see their Instagram page, close the email and open your Instagram app, then search for the mysterious user that way. (Chances are you won’t find them.)

  3. Use an antivirus — Robust AV software like Avast Free Antivirus stops malware before it can download on your system and flags malicious websites, bringing all the hidden dangers of the internet into the light.