Hackers are hijacking the Instagram accounts of companies and influencers with huge followings in a new phishing campaign identified by Secureworks.
The cybersecurity company said it discovered the effort in October, finding hackers taking over prominent accounts and demanding a ransom.
The people behind the attack start by sending a message pretending to be Instagram, notifying Instagram users of a purported instance of copyright infringement. There is a link in the message that takes victims to a website controlled by the hackers. From there, the user is asked to enter their Instagram login information, giving the attackers full access to their accounts.
“After gaining control of the Instagram account, the threat actors change the password and username. The modified username is a variation of ‘pharabenfarway’ followed by a number that appears to be the number of followers for the hijacked account,” Secureworks explained.
“The threat actors add a comment to the profile that ‘this Instagram account is held to be sold back to its owner.’ The comment includes a link composed of a shortened WhatsApp domain (wa . me) and a contact number. Clicking the link opens a WhatsApp chat conversation prompt with the threat actors. The threat actors also contact the victim