Date: 2021-12-24

An elaborate social engineering scam uses Instagram to deceive victims who are looking for used appliances and furniture. After breaking into legitimate accounts, criminals publish Stories advertising TVs, refrigerators, washing machines and other products in excellent condition and at attractive prices. The post is made on behalf of a supposed friend or neighbor who is moving and needs to sell the items, which allays suspicion. With smooth talk, the scammers convince the victim to make a transfer via Pix to reserve the product, which is never delivered.

The starting point for the scam is a phishing attack. Criminals create fake profiles of popular hotels and restaurants on Instagram and approach users via direct message (DM) offering promotions. To win the prizes, however, the user has to provide a mobile number and click on a particular link, which the scammers use to capture the account credentials. By the time the victim becomes aware of the fraud, they no longer have access to the profile.

Instagram is fertile ground for online scams — Photo: Solen Feyissa/Unsplash

That’s exactly what happened to Larissa, a university professor. The victim, who declined to be identified, fell for a fraudulent promotion posted by a fake profile of a famous restaurant and followed the alleged establishment’s instructions. As soon as she noticed that the account had been hacked, she tried to reverse the situation, but without success.

“I tried to change the password, I tried to click on a link received by email from Instagram itself stating that I didn’t recognize that access. But it was too late, as the swindler had already changed the cell phone number used to recover the password”, explains Larissa. Without access to her Instagram account, she began contacting friends by other means to inform them of the fraud, and asked them to share the alert.

In possession of Larissa’s account, the criminals announced, in the Stories of the profile, the sale of used furniture and appliances. The product photos were very realistic and showed the interior of a house. According to the scammers, the ads were intended to help a friend get rid of the products.

Larissa managed to recover the account the morning after the break-in, repeating procedures that she said hadn’t worked the night before. “I cared about the people who could fall for the scam, and I was also worried about other information that the criminals could access within my profile”, says the professor. After the scare, she went to the police station to file a police report, but decided not to proceed with the investigation.

Scam uses realistic photos and a moving pretext to deceive victims

The scam run through Larissa’s profile deceived two victims and cost them money. One of them is the aunt of Carolina Zanelato, a former student of Larissa. Carolina saw an ad for a refrigerator with an average price of R$ 3,500 being sold for R$ 1,900 and forwarded the offer to a WhatsApp group that her aunt was part of.

On the same day, the victim, who declined to be identified, contacted the scammer, who asked for a transfer via Pix in the amount of R$600 to reserve the product. The Pix key provided by the criminals, however, was not registered in Larissa’s name. This aroused the suspicion of the victim, who asked Carolina if the professor was someone to be trusted.

Refrigerator ad made in the Stories of Larissa Ohara’s profile — Photo: Reproduction/Carolina Zanelato

“The narrative made a lot of sense. The refrigerator had been in use for eight months and was being sold for a good price, but not that cheap. Besides, my teacher was someone very serious and trustworthy. Other friends who studied with me saw the publication and they didn’t suspect anything,” says Carolina.

With the support of her niece, the victim made the deposit. The next day, Carolina came across a post by Larissa on another social network stating that her Instagram profile had been hacked, but it was too late.

The same thing almost happened to Guilherme Teixeira. He was getting ready to move and was looking for used items at affordable prices. That’s when he saw, on the profile of a close friend, advertisements with photos of used furniture, appliances and electronics.

Guilherme was interested in a refrigerator and a washer-dryer and, without suspecting the scam, got in touch with the fake friend asking how he could buy the products. The scammer responded by explaining that the items belonged to a friend who was moving and needed to get rid of them. The criminal added that the products were selling very quickly and that it would therefore be advisable to make a deposit to reserve them, as a down payment.

Conversation with the scammer via direct message on Instagram — Photo: Reproduction/Guilherme Teixeira

Still unsuspecting, Guilherme asked to see the products in person. The criminal agreed, but sent a response that raised suspicions. “He said he would be home from 4 pm, because that was the time he left work. Then I remembered that my friend was unemployed and working only as a freelancer. I was suspicious and decided not to transfer money,” he explains.

At that moment, Guilherme sent a message via WhatsApp to his real friend, who reported having been a victim of intruders on Instagram, and discovered the fraud. If he had made the transfer, he would have lost R$ 2,800.

Contacted by TechTudo, Instagram said it has security mechanisms to detect the action of intruders and prevent them from accessing accounts, as well as resources to protect the security of users. In a statement, the company reinforced the importance of being suspicious of publications that offer goods and services at low prices and advised users to report suspicious posts and accounts.

“Instagram makes use of sophisticated systems to detect and stop malicious individuals before they gain access to accounts, and provides security features to help protect users, such as ‘two-factor authentication’ and ‘login activity’, as well as different paths to account recovery, which can be found in the Help Center. We also recommend that people be suspicious of publications on the internet that offer services and goods for a value below the market price and we ask that they report through the application publications and accounts that they consider suspicious”, states the Instagram note.

The social network shared instructions for keeping the account secure. These include enabling two-factor authentication and not sharing links or short codes received from Instagram via SMS or WhatsApp. Instagram also asks users to verify that their phone number and email are up to date in the app. According to the company, this data makes it possible to try to recover access to the account, even if the information has been altered by a hacker.

The scam is well designed and, according to the victims, what is most misleading is the fact that the products are advertised on the profile of a close and trustworthy person. However, the criminals’ modus operandi is similar from case to case, so you can avoid the fraud by following simple recommendations and paying attention to a few details.

According to Fábio Assolini, senior security analyst at Kaspersky, before completing any transaction, it is important to confirm the authenticity of the story with the account owner through a channel not accessible to the scammer. It’s worth sending a message via WhatsApp or making a phone call, for example.

Another recommendation is to check the Pix key data provided by the criminal. According to Assolini, sending a key registered in the name of a third party is one of the strongest indications that it is a scam.

Instant settlement of transactions makes Pix one of the most popular payment methods used by criminals — Photo: Helito Beggiora/TechTudo

“It could be that the key belongs to a money mule who is part of the criminal scheme, or someone unrelated to the scam, but who had their data used to open an account at a fintech”, explains the expert. He warns, however, that the scammer will always have an excuse for that, which reinforces the importance of checking the story with the account owner.

It is also worth paying attention to the criminal’s behavior. According to Assolini, the scammers are in a hurry and resort to various tricks to get the victim to transfer as quickly as possible.

“They will apply psychological pressure, saying that the products are running out or that there are many people interested in the item, for example, to justify the request to send a down payment”, he warns. In this sense, the instant settlement of transfers via Pix works in favor of criminals, who receive the money instantly and can withdraw or transfer it quickly.

Finally, another tip is to do a reverse search of photos of advertised products. Using Google Images or TinEye, you can identify the source of images and find similar photographs. If they appear on sites like Mercado Livre, OLX and other used goods marketplaces, the Instagram ad is likely to be a scam.

If you were a victim of the scam, the recommendation is to contact your financial institution and report the fraud, requesting the refund of the amount sent.

“The complaint will be consolidated and sent to the bank’s or fintech’s security teams, which will subsequently act to freeze or cancel the Pix key”, explains Assolini. According to him, it is common for Pix keys to be reused in scams. Therefore, reporting is important to prevent others from falling for the fraud.

Next, it is necessary to notify the person who had the profile hacked, so that they can alert others about the occurrence of the scam and prevent new victims from appearing.
