Bollywood actor Esha Deol became one of the latest people to have their Instagram accounts hacked. She took to Twitter on Sunday to publicly disclose the incident and warned her followers not to click on links sent from her direct messages (DMs) due to the hack. The 39-year-old celebrity lost access to her Instagram account because she fell victim to a simple phishing scam that’s been around for some time. Instagram has itself rolled out updates to its platform in the past to help people avoid falling for such tricks, and we detail a few of them.
Deol received a DM that talked about a copyright violation along with a link to a phishing website, one that appears legitimate but is designed to extract users’ passwords or other important information. If someone enters their password on such a website, the hackers receive it directly, along with the username. This helps the bad actors easily sign in or otherwise take control of a victim’s account.
Tricking people through fake copyright infringement messages on Instagram isn’t new. The tactic has, in fact, existed for some time, and Kaspersky wrote about such scams back in 2019.
“As soon as your data goes to the scammers, they can take over your Instagram profile and modify the information you need to recover it. From there, they can start demanding ransom to give the account back to you, or start spreading spam and all kinds of malicious content using your hijacked account,” the cybersecurity company said in its blog post.
Users are advised not to click on any suspicious links, even if they look real or seem related to the Instagram support team. It is also important to note that platforms including Instagram provide two-factor authentication, which helps restrict hacking incidents to some extent.
In October 2019, Instagram also introduced an ‘Email from Instagram’ option that is accessible through the Security settings of the photo-sharing app. It lists all the emails sent by the Instagram team in the last 14 days related to your account security and login. This helps you identify phishing and spam emails.
Instagram also notes on one of its support pages that official Instagram messages about account security are sent only to your email address and not through a DM.