This is how they steal money from Instagram users from verified profiles

cyber criminals They are willing to take advantage of any opportunity that allows them defraud people. That is why they use the popularity of social networks, such as Instagramto find their victims.

As is well known, attackers have different methods to achieve their goal, however, cybersecurity specialists recently found that on Instagram they are doing a monitoring job to locate their potential victims.

How they commit fraud

According to ESET, a cybersecurity company, criminals monitor comments on profiles of financial institutions or verified companies on Instagram, waiting for a user to make a comment or go to a bank for help.

that way manage to identify users who are interested in receiving help through the profile of a bank or company. Seeing this, they quickly They contact through direct messages posing as a customer service representative.

The ultimate goal is to obtain personal information from the victim in order to gain access to their bank account and extract their funds. ESET shared a similar recent case describing how scammers are using fake profiles.

So they committed the fraud

“In these days we have known a case of a person who was about to go on vacation and to whom they tried to deceive her and obtain her access codes to her online bank account”.

The cybersecurity company said that the victim, a day before traveling, received a legitimate email from the airline, in which he was notified that the flight had been rescheduled for a day later. Faced with this situation, he decided to contact the company and left a comment on a post from the official account on Instagram in the hope that they could assist her and resolve some doubts due to the last minute change in her flight.

Through a scraping toolwhich allows monitoring comments and activity of a selected profile, the scammers found the person who had left a question in the official account of the airline and sent him a direct message from a fake profile, asking for a WhatsApp number to communicate and provide “help”.

The message sent to the victim had the basic characteristics of a message generated by a bot. Despite having the same legitimate company profile picture, the letter was sent by an unverified profile.

The victim, between his desperation noticed the account was suspicious for not being verified despite having the legend “official” in her username, so she shared her number.

A few minutes later they called him through a WhatsApp Business account from what seemed to be a typical customer service call center. The victim explains what happened and the false representative told her that the company would take care of the expenses for the night she would lose and that they would deposit the money in her account. However, instead of asking for the CBU (Uniform Bank Key), They asked for the document number and asked the security question that you set up in case you need to regain access to your bank account.

at that time and in the rush for obtaining this compensation, the victim fell into the trap and provided all the data. The scammers were trying to access her bank account while the victim thought she was talking to a legitimate agent and receiving compensation. As soon as she hung up she realized what had happened and immediately contacted her bank to block access.

In that case, having acted early, the criminals were unable to access the account, however, having a modus operandi established, criminals may have committed fraud before.

For this reason it is important that people do not raise their concerns in public comments, be sure to contact verified profilesbe suspicious if these look strange by having few publications, misspellings, among other aspects, but above all do not give private information that does not match the request.

Exit mobile version