What are the most common Instagram scams?

As a social media platform, Instagram contains multiple channels for communication that scammers can exploit, including direct messages (DMs), stories, tags, and links in user bios. Although regular users are a common target, some scammers choose to go after influencers instead. Let’s cover some of the most common Instagram scams.

Phishing scams

Phishing scams are among the most common types of online fraud. They are an effective strategy where cybercriminals lure unsuspecting users into giving away their personal information, like login or financial details. Phishing scams on Instagram rely on these same tactics. Often, attackers send direct messages masquerading as businesses looking for collaborations in an attempt to trick users into opening malicious links.

The goal of Instagram scams is usually to obtain the target’s login credentials, take over their account, and then use the account to spread the phishing link to more users. In some cases, scammers might not log in to the accounts themselves but instead create bundles of login credentials they can sell on the dark web.

Giveaway and lottery scams

You might have come across an Instagram influencer promoting sponsored lotteries or giveaways. Most of these contests are legitimate and adhere to the platform’s terms of service. However, scammers are known to exploit people’s love for free stuff. Once a real user announces a giveaway, scammers create a fake influencer account with a similar username to impersonate them.

The account, which is usually private, then sends direct messages to all the participants — found in the post’s likes and comments — to inform them that they’ve won the giveaway, but will need to cover the shipping themselves or provide some sort of personal information for verification. The scam then takes a turn for run-of-the-mill phishing — scammers send a link for the “winner” to submit their information.
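The lookalike-username trick described above can be checked mechanically. The following is an added example, not part of the original article: it compares a sender's handle with the account it claims to be, assuming handles contain only letters, digits, periods, and underscores. The handles, the character map, and the edit budget are illustrative choices.

```python
# Added example; every handle below is a constructed sample, not a real account.
# Maps characters that are easy to misread for one another onto one representative.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s"})

def skeleton(handle: str) -> str:
    """Reduce a handle to the form a hurried reader effectively sees."""
    h = handle.lower().lstrip("@").replace(".", "").replace("_", "")
    h = h.replace("vv", "w").replace("rn", "m")  # two-letter lookalikes
    return h.translate(CONFUSABLES)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(real: str, candidate: str) -> str:
    """Compare a sender's handle with the account it claims to be."""
    if candidate.lower().lstrip("@") == real.lower().lstrip("@"):
        return "exact"
    s_real, s_cand = skeleton(real), skeleton(candidate)
    # Allow fewer edits for short names so unrelated short handles don't match.
    budget = min(2, len(s_real) // 4)
    if edit_distance(s_real, s_cand) <= budget:
        return "lookalike"    # separators, confusable characters, or a small typo
    if s_real in s_cand:
        return "embeds-name"  # real name plus an extra word such as "giveaway"
    return "unrelated"

REAL = "maya.bakes"  # constructed handle of the account running the giveaway
SAMPLES = ["maya.bakes", "maya_bakes", "rnaya.bakes", "maya.bak3s",
           "maya.bakes.giveaway", "city.hikes"]

def scan(real: str, handles: list[str]) -> dict[str, str]:
    """Classify every handle against the real one."""
    return {h: classify(real, h) for h in handles}

if __name__ == "__main__":
    for handle, verdict in scan(REAL, SAMPLES).items():
        print(f"{handle:22} {verdict}")
```

A "lookalike" or "embeds-name" verdict is a prompt to check the sender's account age and verification status before replying, not proof of fraud on its own.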

False investment scams

Much like faux lottery and giveaway scams, false investment scams exploit people wanting to get something quickly and for free. Usually, false investment scams promise a quick way to make a fortune. Cryptocurrency investment scams are especially popular, with criminals telling their potential victims that a small investment in a new coin can yield rewards beyond their wildest imaginations. Unfortunately, if a user falls for the scam, the money they “invest” usually disappears within minutes, and the scammers can no longer be reached.

Job scams

Fake job scams offer users employment opportunities that are too good to be true. For instance, scammers pose as recruiters and send users a contract for a job that does not require any qualifications but offers unusually large pay. The goal here is to extract as much personal information about the target as possible, including their legal name, home address, and Social Security number. Scammers can then use this data for identity theft and financial fraud.

Loan scams

Loan scams function similarly to investment schemes and fake job adverts. Scammers create accounts pretending to be financial advisers and offer users loans with favorable interest rates. In reality, this is a scheme to extract deposits and credit information from unsuspecting Instagram users. Once the deposit is made, scammers deactivate their own account or block the user and disappear with the money.

AI-generated muse scams

Impersonation scams have been largely popular on Instagram for years, and AI-generated content has led to new subcategories of copycats. In AI-generated muse scams, cybercriminals create accounts pretending to be up-and-coming artists who found their target’s account content inspirational. The accounts tend to contain stolen or generated images of artwork to showcase the supposed talent.

Muse scammers message their targets and ask for permission to use photos for a project and promise to pay in return, but ask for a small compensation for art supplies. The target sends the money and receives a payment from the artist. After a short while, the artist contests the charge, keeping both their “commission” money and the “supply funds,” and blocks the target on both social media and financial platforms.

Deepfake impersonations

Deepfake impersonators often go for manipulation by pretending to be users’ friends or relatives. They send AI-generated and digitally altered images, voice messages, and post video stories that steal the likeness of a specific person that their target follows and interacts with on Instagram. In some cases, scammers use stolen Instagram accounts and contact users they already follow to appear more convincing.

The scammer typically asks for financial support, urging their target to send emergency funds to a specific bank account. After receiving the money, they follow the same pattern of either blocking the victim or deactivating the account.

Instagram romance scams

Romance scams, also known as catfishing, are usually associated with dating apps. However, Instagram’s social features make for a great breeding ground for such schemes. In most cases, romance scams take time to execute, lasting for months or years. Criminals start the courtship by commenting under posts or replying to stories. If the user responds and follows them back, the criminal can add them to their “Close friends” circle to lure them in deeper with personalized stories.

Once the bad actor is certain that they have their target wrapped around their finger, they start asking for money, expensive gifts, and plane tickets, promising to visit their “love interest” as a sign of gratitude and affection. In reality, once the gifts start rolling in and the scammer is satisfied, they disappear without a trace.

Paid subscription service schemes are Instagram money scams that tend to target influencers and combine impersonation with persuasion. Bad actors looking to make a profit might pretend to be third-party representatives who help with influencer account growth and offer a one-time payment for a lifetime subscription to online services like digital courses or specialty software. In reality, the user receives no content or software, and the scheme only serves to get money into cybercriminals’ pockets.

How to spot Instagram scammers

Scammers on the platform can appear sneaky, but spotting them takes just a bit of awareness. If you’re having second guesses about a user that just DM’d you, look for these red flags:

  • Unverified profiles. If an account claiming to be a business has contacted you, check if it has the “Verified” checkmark. One of the biggest red flags that you’re interacting with a scam account on Instagram is the fact that it is not verified. Legitimate accounts that offer some sort of service tend to be verified by Instagram. Keep in mind that smaller businesses might not purchase Instagram verification, so double-check their official website and see if it links to the same Instagram account. If not, report the fake account as a scam.

  • Account age. Scammers are known to hop from one account to another. If they got in touch the same day they created the account, they probably have nefarious intentions. You can check the account age — including private accounts — by opening their profile, tapping the three dots at the top right corner, and selecting “About this account.”

  • Grammar mistakes. Poor grammar is a classic giveaway in most online scams. Even AI-generated messages can feel off to the reader. If you notice that a message offering you goods or services is written poorly, you might need to take it as a major red flag. However, some international company representatives might speak English as a second language and leave genuine errors, so look for other signs on this list too.

  • Persuasion and pressure. Scammers hope that you will act fast without thinking about the consequences. If you’ve received a slew of messages urging you to tap the link or download an attachment, or else you’ll forfeit your giveaway prize or special deal, you’re very likely a target of a scam.

  • Too-good-to-be-true deals. If the deal sounds unrealistically good, it probably isn’t real. Use your common sense. If a brand new account is messaging you to let you know you’re the winner of a competition hosted by an established user, or if a completely unknown business is telling you you’ve received a loyalty deal with an 85% discount on the newest iPhone, you’re being scammed.

  • Requests for money transfers. Although Instagram supports some financial transactions through its verification and creators’ marketplace programs, scammers tend to demand payments be made on external platforms, like Zelle, Venmo, or via cryptocurrency wallets. If a scam is finalized outside of Instagram, the app’s support can’t help you. So if you feel pressured into transferring money, don’t cave in, and report the account.

What to do if you got scammed on Instagram

Some scams are more sophisticated than others, and there’s no shame in falling for one. However, becoming a target can have dangerous outcomes if not taken seriously or acted upon in a timely manner, ranging from lost funds to identity theft. If you’ve fallen for an Instagram scam, you should act quickly and follow these steps.

  1. Update your credentials. Scammers often go right after your sensitive information, including your passwords and usernames. If you happen to reuse passwords for multiple accounts, cybercriminals essentially gain easy access to every single one. As soon as you find out that you’ve been scammed, you should update your Instagram login credentials, as well as any account that uses the same password. You should also switch on two-factor authentication on Instagram to prevent criminals from logging in to your account without your knowledge.

  2. Report the scam to Instagram. Make sure to report a scam or a suspicious account to Instagram. This can help the platform take action and limit scammers’ reach. Visit Instagram’s help center for detailed instructions on how to report different types of scams.

  3. Monitor your financial accounts and contact your bank. The objective of many scammers is to make a profit through deception. If you’ve been scammed on Instagram and transferred money to the criminals, report the transaction to your bank immediately. Keep in mind that Instagram may be unable to help with transactions done outside the platform.

  4. Freeze your credit. If you detect any suspicious activity, block your credit or debit cards and put a limit on transactions to ensure that your finances are not affected. Compromised credit accounts can increase the risk of identity theft.

How to avoid scammers on Instagram

Scammers on Instagram don’t care if your account is public or private, personal or business — as long as they can message you, they can perceive you as a potential target. To stay safe and avoid having your personal information compromised, follow these steps.

Restrict your direct messages

Instagram, like other social media platforms, allows you to make your account private and restrict direct messages to mutual connections only. By restricting who can see your posts on the platform and interact with you, you can avoid suspicious and unsolicited messages from potential scammers.

Use strong passwords

A strong password is essential to ensure the security of your Instagram account. If you’re using a simple, easy-to-remember password to secure your account, you’re making a hacker’s job easier and putting your personal security at risk. A strong password should be at least 15 characters long and combine numbers, special symbols, as well as uppercase and lowercase letters. Always use one password per account.

To manage and remember strong and unique passwords easily, you might want to consider getting a password manager like NordPass. A password manager provides a secure place to store and access your passwords, credit card details, and other sensitive information. NordPass’ Password Generator also helps you handle the fuss of creating unique passwords for all your accounts, and once you’ve saved them, you can easily autofill them whenever you log in on your desktop browser or mobile device.

Enable multi-factor authentication

Multi-factor authentication (MFA) provides an extra layer of security and requires an additional step of verification beyond a password and a username. By enabling MFA, your accounts can remain secure even if your password is compromised because cybercriminals don’t have access to your authentication device.

The most popular MFA method is two-factor authentication, which typically uses a time-based one-time password (TOTP) to verify your login attempt. You receive a multi-digit code via an authentication app, voice call, or email message. Although SMS-based verification is also available, its codes can be intercepted through SIM swapping attacks, so it is generally discouraged. You can use NordPass Authenticator to store and autofill authentication codes for each of your accounts.

Refrain from opening links that come from unknown sources, DMs, and bio links from accounts you don’t follow. It is extremely rare for a legitimate service provider to urge you to open a link or download an attachment. Instagram may not always load a preview of the link. In these cases, delete the message and block the sender.

Only buy from verified profiles

If you’re a frequent shopper on the Instagram creators’ marketplace, make sure to stick to verified sellers only. Don’t take chances with unverified profiles even if the deal looks amazing. Never make payments outside the platform — buy via the app to ensure Instagram’s team can support you in case the purchase is fraudulent.

Don’t share your personal information over DMs

Keep what you share with strangers to a minimum. Don’t reveal identifiable personal information, like your full name, home address, or bank account details, even if you think you’re talking to someone you know, because their account may be compromised. Likewise, don’t enter any personal data into links sent to you by unknown accounts because they’re likely running a phishing scam.

Monitor your login activity

Most social media platforms, including Instagram, will send you an email warning or an in-app alert if suspicious login activity is detected. Take these warnings seriously and act on them. You can also remotely log out of any unrecognized login sessions:

  1. Open Instagram and tap your profile image at the bottom right corner of the app. Then, tap the hamburger menu at the top right corner.

  2. Select “Accounts center.”

  3. Tap “Password and security” and, under “Security checks,” select “Where you’re logged in.”

  4. Open your login activity and tap a suspicious session. Then, select “Log out.”

Bottom line

Instagram can be a fun, interesting, and at times even educational platform that provides a convenient way to stay connected with friends and family or discover new, inspiring people to follow. Unfortunately, it is also a place that attracts people with nefarious intentions that spoil the fun and put your personal security at risk. But as long as you take the time to educate yourself about the potential dangers that lurk on the platform and stay vigilant about them, you’ll have nothing to worry about.