Security News

Instagram bans are now being sold as crime-as-a-service

David Strom, 7 Sep 2021
David Strom, 7 Sep 2021

Bans-as-a-service take advantage of Instagram's loose policies, and they're available for a low price

Cybercriminals are expanding their “services” by offering to ban an Instagram user for the low, low price of $60. This was recently reported by Motherboard, whose research showed that anyone on Instagram can harass or censor anyone else. The notion is actually pretty clever, because the same criminals (and their close accomplices) can then offer a “restoration” service to the victim for several thousands of dollars.

The team at Motherboard interviewed a user offering the ban service. The user, who uses the handle “War,” claims they have made five figures from doing it mostly full time over the past several years. They take advantage of Instagram’s loose policies and file impersonation (or content violation) complaints directly with the social network. The criminals duplicate a legit account profile, using legit photos and other details, and create a bogus account that appears to be verified. There are other criminals who offer bans-as-a-service for prices ranging between €5 and €30 per account, depending on the number of followers.

Instagram has a support page that walks you through how to protest a disabled or banned account. Back in 2019, the company began testing various recovery methods and beefing up its account security. Obviously, these measures haven’t stopped criminals from taking advantage of users, especially if they know the phone number or email address connected to the account. Instagram is investigating these banners and will hopefully act to remove them.

Other bloggers have expressed skepticism that the company has failed to act in the past to remove criminals. One in particular is security consultant Graham Cluely, who says, “Frankly, because of its business model, customer service is never going to be a priority for them.” 

Cluely offers a few suggestions to combat this practice, including using two-factor authentication and getting your account verified. Another good recommendation is to backup the photos and videos that you have posted to your account in case it is compromised.

One final suggestion: choose your profile photo carefully. Cluely recommends changing your avatar to something that doesn’t show your face. This is based on Motherboard’s interview with “War”, in which the latter claimed that they purposely target accounts with such photos. 


Further reading:
Simple steps to take back your privacy from Instagram