This is how Instagram accounts are hacked

Social networks have become one of the most successful communication channels and platforms such as Facebook, Twitter and Instagram are used daily by millions of users, both for personal and commercial purposes. Instagram alone has more than 1 billion users a month, roughly one-eighth of the world’s population today.

Cybercriminals are increasingly coming to these popular sites hunting for prey for ‘hacking’ and extortion. In recent years, experts at cybersecurity company Trend Micro have observed various groups and baits linked to these schemes.

For maximum impact, the cybercriminals behind this campaign go after social media ‘influencers’, a pattern that has also been seen in previous campaigns. Having accumulated not thousands but millions of followers and often making money from brand offers, affiliate marketing and other means, influencers have a lot to lose if their accounts are compromised.


To attract targets, hackers often disguise their accounts as technical support accounts. Sometimes they assume the identity of a friend of the owner of the target account. They then use ‘phishing’ emails, messaging ‘apps’ like Telegram and WhatsApp, or Instagram itself to reach the potential victim. To do this, they create new accounts or reuse stolen accounts.

The content of the ‘hackers’ messages claims that the account owner has committed a copyright violation or that they can provide a verified credential. According to the ‘hackers’ message, the account will be deleted if the user does not verify their account by entering their data on a web page to which the hackers include a link in the message. The link leads to a ‘phishing’ site that mimics the official Instagram user interface.

If the user hands over their real credentials, the cybercriminals proceed to change the account password so that the original owner loses access to it. They then mine the account by downloading all the images and messages manually or through Instagram’s data backup feature. Hackers can even modify the account bio, share content through the ‘Stories’ function or reach the victim’s contacts.


At the same time, the ‘hackers’ begin to negotiate with the victim. They usually manage the ‘hacked’ account while the victim talks to them using a different account. They then demand a payment in the form of bitcoin, prepaid credit cards or vouchers in exchange for restoring access. Based on the activity detected in some bitcoin wallets related to this campaign, it seems that some targets could have paid, as detailed from Trend Micro.

However, negotiation is nothing more than a ruse. They do this only so that the victim is not forced to report the incident through the proper channels and so that they can buy some time, as downloading all account data can take up to two days. After the victim pays, the hackers will not return the account. Rather, they will only ask for more payments.

In many cases, a single malicious actor manually compromises multiple accounts at the same time. There are also cases where each malicious actor belonging to a group has a designated role in the campaign, such as the operator of the ‘hack’, the payment collector or the leader who oversees the operation.


Users, for their part, can protect their Instagram accounts – or any of their accounts ‘online’ – by following a series of basic security recommendations offered by Trend Micro experts.

First, they advise users to set up two-factor or multi-factor authentication. With this enabled, hackers will not be able to access an account even if they have the password. Instagram and many other sites have configuration settings for this.

It is also advised that links are never opened in emails and messages from unknown sources, as these links can lead to phishing sites. Users can consult the official support page of the affected service or website for more information in the event of ‘hacking’ or account deactivation.

Finally, they recommend using solutions to add layers of security such as Trend Micro Cloud App Security, which improves the security of Microsoft Office 365, Google Workspace and other cloud services by detecting hidden malicious URLs (such as ‘phishing’ sites). in the content and attachments of emails.

Also noteworthy are Trend Micro Worry-Free Services, which prevents credential ‘phishing’ messages and other email threats from reaching the network using ‘machine learning’ and other techniques; o Trend Micro Security, which offers home users protection against email, file and web threats on their devices.

Disclaimer: If you need to update/edit/remove this news or article then please contact our support team Learn more

Leave a Comment

Your email address will not be published.