Common Instagram scams and how to avoid them

Instagram is said to have over two billion active monthly users and is the third most popular social network in the world, behind only YouTube and Facebook. With those numbers, it should surprise no one that Instagram scams are rife.
This post will examine the most common ways scammers abuse Instagram for the usual payouts: identity theft, financial gain, etc. We’ll provide an overview of how each scam operates and tips to avoid it.
Before we do that, however, I should mention that all of these scams are, at their core, phishing scams adapted to the Instagram platform.
Instagram scams all have a phishing component
It’s the case with every social media scam – they all have a phishing component. In a phishing attack, a malicious actor sends you a message – a text, social media, or email message – in which they claim to be a business or a person you trust to deceive you into handing over your personal information or clicking on a malicious link to a site under the attacker’s control that will attempt to achieve the same thing.
Scammers always give you a seemingly legitimate reason for their request. They will usually add a time constraint to highlight the situation’s (fake) urgency to bypass your rational thought processes and get you to comply – which, of course, you shouldn’t.
That’s the phishing component; you’ll recognize it in every scam in this article. It’s a testament to just how adaptable phishing attacks are.
Let’s start.
Fake subscription scam
Scams in which the seller asks for advance payment for fake or non-existent goods or services, also known as brushing scams, have existed since the dawn of time. Of course, this scam carries over nicely to platforms like Instagram. The most common variation you’ll likely see on Instagram is scammers selling fake subscriptions to popular services.
All you need to do is provide your payment details to the seller, and you’ll have scored discounted subs for your favorite services/influencers/whatever. The problem is that even if you hear back from the seller with links to activate your “subscriptions,” there are no subscriptions, and the link is likely to take you to a bogus site under your attacker’s control, where you can sign up for more damage.
Don’t do it.
Scammers will troll around the network to see which accounts are the most popular, garner followers/subscribers, and then offer the same product or service at a lower price – lucky you! The offer will likely be time-constrained to compel you to act quickly without thinking too much. Don’t fall for it.
How to avoid a fake subscription scam
This scam can be perpetrated by someone impersonating the service/account you’re interested in subscribing to or a third party with a “great deal” for you. If it’s the latter, that’s your red flag right there. Even if it is legitimate, purchasing from a reseller will likely come with at least a few more strings attached than buying from the source directly. And for something like a subscription, stick with the source.
If your attacker is attempting to impersonate the account you’re interested in, there may be clues you can look for to confirm you’re dealing with an impersonator. Such scammers will usually make minute changes to the account name (much like URLs to bogus websites impersonating legitimate ones do). So, they may add a period, an extra letter, or an underscore to the account name. Take the time to study the account carefully because if all you give it is a glance, it may look indistinguishable from the genuine account.
Fake job scam
Looking for work can be challenging (and sometimes disheartening). So, when you manage to garner interest from an employer, you might jump for joy. Except, things are not always what they seem.
The fake job scam works much like the fake subscription scam but has a few differences. While the ostensible goal of the subscription scam is to scam you out of your money, the fake job scam is looking to steal your identity… along with your money.
If you fall for a fake job scam, you’ll be handing out your personal information to your attacker. However, fake jobs also often involve financial theft. So, your prospective employer may ask you to pay an application fee or pay for some tools/software necessary for the job ahead of time. That’s a big red flag right there.
Like many cons, the fake job scam feeds off your emotional state. You’re likely to feel happy and somewhat flattered by the interest; you’re also more likely to respond emotionally, i.e., non-critically. And that usually means sharing your information without making the proper verifications and forking over some cash, even though, in the back of your mind, where your reasoning has been relegated, you know something’s up.
Listen to the back of your mind.
How to avoid a fake job scam
Always look up the company or individual offering you work. A legitimate business is bound to have a website, and there’s a very high chance that any open positions will be posted on that website. Go and have a look before handing any information over.
You can also use the information you gleaned from the job posting to ask the offering party on Instagram some questions about the job. If their answers don’t align, it is likely that something’s up.
Also, if you’re being offered a position for which you’re not qualified, that should raise a few red flags. If it seems too good to be true, it probably is. That adage will be relevant until the end of time.
Romance scams
Romance scams are big on social apps because the line between social media and dating apps gets increasingly blurry with each passing day. Social apps have become popular with those seeking romance, relationships, and hookups.
Regarding Instagram romance scams, you often don’t meet your suitor on Instagram. The more common scenario is that you meet on a dedicated dating app. Only after exchanging a few intro messages will they ask you to move the conversation to Instagram (this applies to any social app). Once the conversation is on Instagram, they’ll ask you for intimate photos or videos, flirty messages, etc.
Once they have a nice cache of your compromising material, they’ll demand you send them money and threaten to make everything you sent them public unless you comply. There are quite a few variations of the romance scam. You’d be surprised what an emotionally invested person is willing to do to remain a love interest.
Things progress slowly to ensure you’re properly invested, but sooner or later, they start asking you for money, gift cards, pictures, videos, etc. They’ll take whatever they can get from you. They’ll either milk you for all the money you’re willing to give your new love interest or convince you to send compromising material to exploit you for money at a later date.
While these online scams proceed differently, their modus operandi revolves around soliciting money or compromising material that can be used to blackmail you into sending them money.
How to avoid romance scams
Don’t send money to strangers you meet on dating apps or social media. Don’t hand over your trust (or money) to people you just met. If someone you recently met on a dating app wants to move the conversation to a different platform, such as Instagram, that should raise some red flags.
And, of course, you don’t want to send compromising pictures or videos to people you don’t know and trust. That may sound like boilerplate common sense, yet romance scams are proliferating. Simply put, strangers asking you for lewd photos – irrespective of the accompanying flattery – should raise a big red flag.
Be mindful of convoluted scenarios. Meeting up with someone for a drink shouldn’t be very complicated. If it is, it’s probably not worthwhile and may be a scam.
Fake charity scams
Every social network is rife with fake charity scams. Preying on the well-meaning can be a profitable endeavor. Here’s what this one looks like: You open your Instagram to find an unsolicited message asking for generous donations to help the victims of a major tragedy (flood, earthquake, wildfire, etc.). The message is accompanied by heart-wrenching images of children caught in the disaster. You understandably emote. But while the tragedy may be real, the charity is not.
If your scammer follows the blueprint, the message includes a link for you to follow to donate. If you click that link, it will send you to a fake site under the attacker’s control. If you take things further and enter your payment details, you’ll just have sent money to your attacker. Worse, you’ll also have handed them your credit card number, expiration date, etc.: everything they need to defraud your account.
Sometimes, these fake charity scams dispense with trying to look official, and the scammer will claim to simply be a regular Instagram user collecting funds to help the victims of a given tragedy. There may be a chance they’re for real, but it’s rather slim. And if you do send them money, you’ll simply never know where your money went.
How to avoid fake charity scams
You should always do a minimum of research on charitable organizations before donating. Official charities are assigned a registration number that you can verify to confirm their legitimacy. Make sure you check those before forking over any cash.
Now, regarding the “random user” charity, there may be such individuals honestly collecting funds for victims, but they’re likely few and far between, so it amounts to a shot in the dark where the odds aren’t in your favor.
Remember that when you donate money to a legitimate charity, your donations are usually tax-deductible, but that “lone-Instagram-user-armchair-charity” probably won’t qualify.
Fake copyright infringement scam
With this one, you receive an official-looking email that appears to come from Instagram itself. The email states that some of your posts are in breach of copyright and that your account will be closed in 24 hours. “If you feel this is a mistake, follow this link to verify your account,” it says.
Why simply logging in to your Instagram account would clear up a copyright violation is dubious at best. Still, the heightened emotional state triggered by the prospect of losing your Instagram account makes many click on the link.
The link, you guessed it, takes you to a bogus Instagram-looking website under your attacker’s control. If you input your password, you’re handing it over to the attacker. This attack will often go above and beyond simply harvesting your Instagram credentials and will ask you to confirm your email and password as part of the “verification” process.
As a nice touch, you’re redirected to the actual Instagram site after you do that, giving you a nice, fuzzy feeling that all is well now. But it’s not. That’s just part of the con.
How to avoid a copyright infringement scam
First, a legitimate service is unlikely to send you a time-constrained email with a veiled threat that they will close your account unless you jump through some hoops. If you get such an email, check your Instagram account to see if anything’s amiss. If all is well, the email was a scam.
The resolution (log in to your account) for the issue at hand (copyright infringement) makes no sense. It’s because of the emotional state you’re in, given the prospect of losing your account, that you don’t think things through and comply. Take a deep breath and start thinking critically.
General advice to avoid Instagram scams
- Be mindful of offers that seem too good to be true. It’s doubtful, at best, that someone will agree to pay you large sums of money to message them a few times a day. They’re much more likely to attempt to draw you into a convoluted arrangement where you send them money. Don’t fall for it.
- A budding romance and money don’t mix well. If you meet a romantic interest online and they ask you to move to another platform, that should be a red flag. That red flag should catch fire if they ask you for money (without even having met). Don’t send money to strangers online.
- Don’t tip strangers. By that, I mean be very suspicious of unsolicited messages asking you for money for whatever reason. Given the current state of the world, it’s more likely than not to be a scam.
- Always keep your login credentials private. Don’t share them with anyone for any reason. It’s that simple.
General tips to keep your online accounts safe
The tips below will never go out of style. They’re always relevant, and you should follow them regardless of whether you want to avoid one particular threat on Instagram or elsewhere.
- Be conservative with your PII online. Don’t sign up for everything. Don’t hand out your details to every site you encounter. Only share your information with sites and services you trust.
- Don’t open attachments in emails unless you know who the sender is and you’ve confirmed with that person that they really did send you that email. You should also ensure they know the email contains an attachment and understand what the attachment is.
- Don’t click links (URLs) in emails unless you can confirm who sent you the link and its destination. Contacting the sender through another channel (not email) is also a good way to make sure the sender is not being impersonated. Also, check the link for incorrect spelling (faceboook instead of facebook or goggle instead of google). If you can reach the destination without using the link, do that instead.
- Use a firewall. All major operating systems have built-in incoming firewalls, and all commercial routers on the market provide a built-in NAT firewall. Enable both. You’ll thank me if you click a malicious link.
- Use an antivirus program – Only purchase genuine and well-reviewed antivirus software from legitimate vendors. Keep your antivirus updated and set it up to run frequent scans and real-time monitoring.
- Keep your operating system updated – You want the latest OS updates. They contain the latest security patches that will fix any known vulnerabilities. Make sure you install them as soon as they’re available.
- Don’t give in to “warning fatigue” if your browser displays yet another warning about a website. Web browsers are becoming more secure with every passing day, which tends to raise the number of security prompts they display. Still, you should take those warnings seriously. So, if your browser displays a security prompt about a URL you’re attempting to visit, pay attention to your browser’s warning and get your information elsewhere. That’s especially true if you click a link you received by email or SMS – it could send you to a malicious site. Do not disregard your computer’s warning prompts; they could save you from a massive headache.
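The two lookalike checks described above, for account names that add a period, an extra letter or an underscore, and for misspelled links such as faceboook, can be automated. The following Python code is an added example, not part of the original article; the trusted handles and domains are constructed sample values, and the one-edit threshold is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample allow-lists (assumptions, not from the article).
TRUSTED_HANDLES = ["natgeo", "nike", "spotify"]
TRUSTED_DOMAINS = ["facebook.com", "google.com", "instagram.com"]


def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(name):
    """Lowercase and drop the separators an impersonator can add freely."""
    return "".join(ch for ch in name.lower() if ch not in "._-")


def classify(name, trusted):
    """Return ('exact' | 'lookalike' | 'unknown', matched trusted name or None)."""
    name = name.lower().lstrip("@")
    if name in trusted:
        return "exact", name
    for good in trusted:
        # Same letters once separators are removed, or a single edit away
        # (assumed threshold; very short names will produce false positives).
        if edit_distance(skeleton(name), skeleton(good)) <= 1:
            return "lookalike", good
    return "unknown", None


def classify_link(url):
    """Classify the host of a full URL (scheme included) against TRUSTED_DOMAINS."""
    host = urlsplit(url).hostname or ""
    for good in TRUSTED_DOMAINS:
        if host == good or host.endswith("." + good):  # genuine subdomain
            return "exact", good
    return classify(host.removeprefix("www."), TRUSTED_DOMAINS)


if __name__ == "__main__":
    for handle in ["nike", "@nat.geo", "spotifyy", "gardening_daily"]:
        print(handle, classify(handle, TRUSTED_HANDLES))
    for link in ["https://www.faceboook.com/login", "https://help.instagram.com/"]:
        print(link, classify_link(link))
```

A "lookalike" verdict means the name is close to, but not the same as, one you trust, which is the case that deserves the careful second look the article recommends.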
Instagram scams: Wrapping up
So, that was an overview of Instagram scams. They’re all a take on phishing scams that adapt to the platform on which they’re perpetrated. Some may appear more obvious than others, but they’re still good to keep in mind. You never know what circumstances might kick you into an emotional state that may compel you to comply with a scammer.
It’s critical to remember to stay grounded, remain rational, and make proper verifications before sharing anything online.
As always, stay safe.