In a new phishing attempt discovered by Secureworks, hackers steal influencers,’ and businesses’ Instagram accounts with huge followings. The cybersecurity firm uncovered the effort in October when hackers took control of important accounts and demanded a ransom.
The perpetrators begin by sending a message purporting to be from Instagram, informing Instagram users of a suspected copyright violation. The message contains a link that directs recipients to a hacker-controlled website. The victim is then prompted to enter their Instagram login credentials, allowing the attackers complete control over their accounts.
Secureworks explained that the threat actors alter the password and username after controlling the Instagram account. The hijacked account’s updated username is a version of ‘pharabenfarway’ followed by a number that appears to reflect the number of followers.
The threat actors write on the profile that ‘this Instagram account is held to be sold back to its owner.’ A link made up of a truncated WhatsApp domain (wa . me) and a phone number is included in the comment. When you click the link, you’ll be sent to a WhatsApp discussion with the threat actors. Threat actors also approach the victim through text message at the phone number given on the account and begin negotiating a ransom for account access.
Secureworks revealed that hackers took over several accounts based on domain creation dates and started the campaign in 2021. The cybersecurity company discovered a post from September on underground forums where someone linked to the hackers is offering access to hacked Instagram accounts for around $40,000.
According to Secureworks, hackers provide phone numbers that indicate they are situated in Russia and Turkey. Further data suggest that at least one of the attackers is located in Turkey. The firm also noted that if passwords were repeated, hackers might get access to email accounts or other business resources.