Willie Sutton had a famous response when asked why he robbed banks: “Because that’s where the money is.” Hackers seem to be following Willie’s advice. When it comes to phishing attacks, hackers go where the people are. And as Instagram catches up in popularity to Facebook, it’s become the go-to destination for hackers looking to exploit victims via phishing attacks.
According to an article on Bleeping Computer, “A phishing scam called The HotList is the latest scam currently making its way through Instagram. This scam pretends to be a list of pictures ranked on how ‘Hot’ they are, but just leads to a fake Instagram login page that is used to steal account logins and passwords.”
The article goes on to say that, “If you do fall victim to the HotList scam, the phishers will log into your account and use it to send further phishing messages to other Instagram users.”
So, if you think you’re hot, it could get you phished on Instagram. So too could thinking that you’re nasty. In other words, there’s more than one way to phish an Instagram user.
According to an article on Komando.com, “A new phishing attack is growing on Instagram that targets users with bogus messages. Victims get a message from a follower, potentially even someone they trust, saying they’ve been added to a nasty ‘list’ on another website. The only way you can see the list, though, is to log in with your Instagram username and password.”
If you do get phished in this attack, according to the article, the “process turns your account into a kind of zombie profile, which the hackers use to spread the message to other people you follow.”
This is why Instagram attacks are so viral: every victim leads to hundreds more emails, all of which are from trusted relationships. That’s the key to effective phishing attacks: sending what appear to be trusted emails.
There are really only two ways to defend yourself against phishing attacks that appear to come from people you know and trust. First, you can trust nothing. Assume every email is bogus and act accordingly. Of course, this defeats the purpose of online social interaction and makes it a pain to do anything.
The other way to defend yourself from these phishing attacks is to take yourself out of the equation and let technology protect you. After all, technology doesn’t fall for any of these phishing techniques because it doesn’t look at what you look at.
When you get an email, you look at the images and read the words. Anti-phishing technology doesn’t look at that. It looks at the underlying HTML code, but more importantly, it tests the underlying code to make sure it’s safe for you to interact with.
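To illustrate what inspecting the underlying HTML can mean for the fake Instagram login pages described above, here is an added example (not from the original article and not any vendor's product). It flags password forms on pages that use the Instagram name but are served from, or post to, a host other than instagram.com; the trusted-host list, the function names and the sample page are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

TRUSTED = ("instagram.com",)  # assumption: the only hosts allowed to ask for this login
# Constructed sample page, as it might be served from a placeholder lookalike host.
SAMPLE = ('<title>Instagram Login</title><form action="/save.php" method="post">'
          '<input name="u"><input type="password" name="p"></form>')

class LoginFormScanner(HTMLParser):
    """Collects forms that contain a password field, plus the page's visible text."""
    def __init__(self):
        super().__init__()
        self.forms, self.text, self._form = [], [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._form = {"action": attrs.get("action") or "", "password": False}
        elif tag == "input" and self._form is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._form["password"] = True
    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            if self._form["password"]:
                self.forms.append(self._form)
            self._form = None
    def handle_data(self, data):
        self.text.append(data.lower())

def is_trusted(host):
    # Exact match or a true subdomain; "instagram.com.evil.example" does not pass.
    host = (host or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED)

def scan_page(html, page_url):
    """Return the reasons a page looks like a fake Instagram login (empty if none)."""
    scanner = LoginFormScanner()
    scanner.feed(html)
    scanner.close()
    page_host = urlparse(page_url).hostname
    branded = "instagram" in " ".join(scanner.text)
    findings = []
    for form in scanner.forms:
        target = urlparse(urljoin(page_url, form["action"]))  # resolve relative actions
        if branded and not is_trusted(page_host):
            findings.append(f"Instagram-branded password form served from {page_host}")
        if not is_trusted(target.hostname):
            findings.append(f"password is posted to {target.hostname}")
        if target.scheme != "https":
            findings.append("password is sent without TLS")
    return findings
```

None of these checks depends on how convincing the page looks to a person, only on where the form lives and where the password would be sent.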
If you get to the point where you’re tired of having to mistrust every email and you just want to go about having fun online, check out quick and inexpensive phish protection technology. Then you can go back to being hot and nasty.