Instagram giveaways are a common way for brands to make themselves known in exchange for a gift of a product or prize, but cybercriminals have begun to impersonate your identity to contact the participants and get hold of your personal data it is included with their bank accounts.
This has been alerted by the cybersecurity company Panda Security, which has detected ‘phishing’ attacks by cybercriminals who create virtually identical Instagram profiles to those of the brands that carry out contests on the social network, usually with a letter or symbol that differentiates them but that is not easy to appreciate.
In addition, attackers use the same logos that companies to support their covers and upload in their ‘timeline’ the latest photos and posts of the company they are impersonating.
With the contest as a hook, cybercriminals get in touch with the sweepstakes participants to communicate that they have supposedly been victors, and they follow them to be able to write to them privately.
In direct messages, send a link to a ‘phishing’ web page with contact forms to collect personal data such as physical address, email, passwords or date of birth. Even they come to ask for bank details to make some kind of transfer.
However, there have also been detectado ‘landing pages’ -pages reached after clicking on a link- in which, once the form is filled out, the ‘hackers’ direct the traffic to pages in which a malicious code to track your browsing by Internet.
At best, this ‘malware’ only indicates that a user is potentially easy prey for future scams. At worst, they can inject a ‘ransomware’ With which hijack digital identity of the Internet user.
Panda has recommended that participants in Instagram giveaways pay attention to some details to discover these scams, such as if the brands they rush their messages so as not to lose the prizes, or if the language is not correct (for example, mix you and you or include grammatical errors).
Likewise, the company advises use cybersecurity tools, so that even if the ‘hackers’ deceive the victim, they have protection against untrustworthy web pages.