Spammers have long been leveraging social networking sites to pull off scams. Generally speaking, as the popularity of a service increases, so too do the illicit activities of scammers. It seems that the popular photo-sharing service Instagram is the latest social networking site to catch the attention of these scammers.
I discovered this first-hand when I received an Instagram photo comment, from an unfamiliar account, which had nothing to do with the photo:
"Hi there, Get a FREE Game in my Profile, OPEN it up, Get 85.90$ :-) xx"
I went to check out the user, who appeared to be a rather attractive woman with followers in the thousands, but surprisingly for a photo-sharing service, not a single photo.
Figure 1. Scammer’s Instagram profile
Who was this mysterious lady? Her profile bio said largely the same thing as the comment she left me, but also included a shortened URL. The link ended up pointing to a premium mobile service that offered to send me videos of cute animals for only €4.50 per month. To avail of this service, all I had to do was give them my phone number, and I’d no longer have to watch such videos for free on YouTube.
Figure 2. Premium-rate service
How successful are these various scam campaigns? It turns out they could be fairly lucrative. For instance, the shortened URL on my commenter’s profile has been clicked close to 10,000 times in little more than a month. If only a fraction of these users sign up for the premium rate service, the scammers could consider their efforts successful.
It’s important to note that Instagram isn’t alone when it comes to scams like these, and has methods to deal with them. In this month’s Symantec Intelligence Report, we discuss this scam in further detail, along with a couple others you may encounter on Instagram, and provide details on what to do if you encounter such scams yourself.