It’s bad enough that social media risks your privacy and exposes you to false information. But you have to worry about scams, too.
Facebook has had more than its fair share of controversy and problems, but it’s also a prime target for crooks. You would think that COVID relief scams are a thing of the past, but they’re not. Tap or click here to protect yourself against Facebook scammers going after your money.
The Meta-owned Instagram is no stranger to scams. With over a billion users, crooks have an endless source of potential victims. This latest trick lures victims with the coveted blue badge. We’ll show you how to spot the scam and others like it.
Check, please
Here’s the hard truth: Unless you’re a celebrity, professional athlete, pop star, politician or another well-known public figure, you’ll likely never get a blue badge.
Instagram’s verified badge is simply a check that appears next to an account’s name in searches and on the profile. It means Instagram has confirmed that the account belongs to that public figure, celebrity or brand.
No matter who you are, you have to apply to get verified. Instagram does not send messages offering this level of verification. But that’s precisely how this recently discovered phishing scam works.
Cybersecurity company Vade discovered the scam in July and detailed it in a new blog post this week.
You’ve been pre-approved!
Scammers send an email from “ig badges” with the subject line “ig bluebadge info.”
The email weaves a story about the recipient’s Instagram account being reviewed and granted blue badge eligibility. Instagram and Facebook logos are included to add legitimacy.
All you have to do to get verified is click the “Badge Form” button in the email and fill out a form.
Click the button, and you’re taken to a website with a “teamcorrectionbadges” domain name. The page is designed to look like a legitimate one run by Instagram or Meta.
If you fill in the requested information and keep proceeding, you’ll eventually come to a page asking for your password.
Put in that information, and you’ll get a polite thank you message saying you’ll be contacted in about 48 hours. We hope you stopped going along with this process long before this step. If not, change your password immediately. Tap or click here for our latest password tips.
Vade says this Instagram phishing campaign began on July 22, “with email volumes reaching up to more than 1,000 per day on two occasions.”
RELATED: Data-hungry apps: These are the worst for your privacy
Preying on vanity
While social media is an excellent way to keep in touch with friends and family, the main goal for many users is elevating their status. You can never have too many followers, likes or subscribers.
Scammers impersonate social media companies for all types of tricks involving the promise of big payouts, but this one goes after something else people value: Status.
Social media platforms like Twitter, Instagram and TikTok have a verification system. And would-be influencers covet it as a badge of honor. Instagram has some information on how to get verified, which you can check out here. The main point to take away is that you have to apply for the badge yourself.
Red flags upon red flags
Many signs pointed to a scam, and we’ve covered them in previous reports. For example, the message was full of spelling and grammatical errors. “Thanks.you instagram team” — that’s pretty bad!
No matter which angle they’re going for, most scammers use similar tactics. Here are ways to avoid falling victim:
- Contact the company directly if you receive any message asking for personal information.
- Pay close attention to the URLs in any messages.
- Check for spelling and grammatical errors.
- If there’s a sense of urgency, it’s likely a scam. Look at threats of account deletion/suspension as prime examples.
- Don’t click on links and attachments that you receive in unsolicited emails. In fact, don’t click on any link that raises suspicions, no matter who you think it came from.
- Always log into your social media accounts through the app or website — never through email.
- Enable two-factor authentication (2FA) for all your online accounts that offer it. This will make it more difficult for hackers to access your accounts. Tap or click here to learn the benefits of 2FA.
- Always have a trusted antivirus program updated and running on all your devices. That way, you can avoid malware if you end up on a malicious site. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!