A new Instagram scam seems to be going around, and it’s pretty serious. It’s a good old phishing scam, designed to look just like a message from Instagram. But the scammers behind it will hijack your account and ask for money to give it back to you – and it goes up to $40,000.
Instagram users are reporting a new scam on the app. Reportedly, they have been getting messages from random Instagram accounts claiming to have edited their images “for hours.” The scam is targeted at everyone, and if you’re a photographer, pay special attention.
We’ve all seen or been involved in different kinds of scams. Reddit user snarko7 draws our attention to a collaboration offer targeted at photographers that may be one of them. Although it will cost you only $14 if you fall for it, there’s a lesson behind it. It will help you if anything similar happens to you, with more money involved.
While checking my emails this morning, I saw an email from Instagram telling me they’re sorry to hear I was having trouble logging in. The address from which the email was sent seemed legit, and so did the body of the message. But the thing is – I didn’t have trouble logging in. So, instead of clicking on the link provided, I did a little research. It turns out that there has been a highly believable phishing scam going around. With this article, I want to help you recognize it and not fall for it.
Last month, Facebook and Instagram were hit by a major bug that exposed users’ passwords as plain text. Facebook has now confirmed that even more users were affected than initially estimated, and they number in the millions.
Last night, I received an email from EyeEm about a “data security incident.” 22 million accounts have been compromised, exposing the users’ names, email addresses, and encrypted versions of passwords. However, EyeEm wasn’t the only victim of this data breach. It’s the same one that hit 500px, and it also affected 25 million users of Animoto.
If you own a Flickr account, you should probably change your password the minute you read this post. Yahoo says that the data breach occurred in late 2014 and “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers”.
This does not mean that your Flickr password was necessarily stolen (and if it was, recovering a password from its hash is not that easy), but you should probably change your password just to be safe, especially if this user/password combo is used for more than Flickr.
You can read more about this breach on Yahoo’s FAQ.
P.S. In case you are looking for an alternative, here are some self-hosted options for you.
If you’ve downloaded InstaAgent, an iOS and Android app designed to let you see who’s viewed your Instagram profile, you might want to delete it from your smartphone. According to a new report, the app – whose full name is ‘Who Viewed Your Profile – InstaAgent’ – is not only storing usernames and passwords in plaintext and sending them to a remote server, but also using those very credentials to log in and post unwanted images to users’ profiles.
InstaAgent has since been removed from both the Google Play Store and iOS App Store, but so long as it’s on your phone, it can still send your information.