Jakarta, CNBC Indonesia – Online fraudsters trap victims with a new method, namely offering the lure of Instagram's blue tick.
According to the notes of cyber security observer from Akuncom Alfons Tanujaya, this fraud method has claimed many victims and the majority are MSME Instagram accounts with thousands of followers.
By posing as an Instagram admin and lured by getting a blue tick, the victim is offered a blue tick and taken to a phishing site to start the process of getting a blue tick.
“If the victim believes and enters his credentials, it is clear that he will not get a blue tick, but rather a blue heart because his account was hijacked,” said Alfons in a written statement, quoted by CNBC Indonesia, Friday (3/5/2024).
Hijacked accounts will be used to commit fraud in the name of the account owner and followers who will be targeted for fraud.
Followers are promised a cheap iPhone award promo specifically for them. If they believe and follow the promo, they are promised to be able to redeem an iPhone at a low price.
If you make a transfer to a fraudster's account, it's clear that you won't get an iPhone, but a fraud.
How blue tick fraud works
The fraudster will send a Direct Message (DM) to the owner of the Instagram account he is targeting. If you don't have a blue tick, then the victim will be lured with a blue tick and enter their credentials on a phishing site that has been prepared.
Meanwhile, blue tick owners will face the threat of having their blue tick revoked if they do not verify on the specified site.
To carry out their actions, fraudsters will create a special account with a convincing profile picture.
If the victim is deceived, he will click on the site from the link sent which is designed to look like the original Instagram site. At that time the victim will be directed to a phishing site to enter his personal data including his credentials.
And the account will immediately be taken over, including all emails and cellphone numbers related to the account will be immediately replaced by the fraudster. They will also activate Two Factor Authentication so that the account will be locked even if it is successfully reclaimed by the owner.
In fact, if the victim installs an antivirus that has an anti-phishing feature, the phishing site will be identified and the victim will be warned that he opened a phishing site.
What to do if your account is stolen
First, immediately announce it to all customers so that they don't become victims of fraud using your account. The way to do this is to use other channels such as WhatsApp groups, websites, SMS or other media that are believed to be able to reach all customers.
Second, report it immediately to Instagram and try to reclaim your account by filling in the data and following the process below https://www.instagram.com/hacked/.
Please note, if the fraudster has changed your email account and cellphone number, you can still prove that you are the original owner by ensuring that you still control the email account and cellphone number.
However, if the perpetrator has activated TFA on the account, then even if you successfully reclaim your Instagram account, you will still be locked and unable to access the account because you don't know which TFA was activated by the fraudster.
“Therefore, please be aware that activating TFA on your Instagram account before it is hacked will really help secure your Instagram account.” he concluded.
[Gambas:Video CNBC]
Next Article
Immediately delete these 13 applications from your Android cellphone, watch out for your account running out
(fab/fab)