Hijacked Instagram Accounts are being sold over the internet for $40K

Phishing is one of the oldest methods in the hacking manual. It is pretty common, and people are quite aware of how it works and what they should do to stay safe from phishing attacks. But that doesn’t seem to be the case for everyone.

With many new cyber-attacks revealing themselves every day, we thought that we might see the end of phishing attacks. But as time passes, we are seeing a rise in phishing attacks: people are so fixated on other attacks that they seem to forget about phishing, which gives the attacker the edge they were looking for.

So how are these attackers getting hold of these Instagram accounts? Well, it’s both simple and complicated at the same time: it might seem to be an ordinary phishing attack, but it is really dangerous.

Attackers are always waiting for big influencers, creators, celebrities and even common users to make a mistake. The old way of hacking an account, for instance, was for attackers to send their target a link from an unknown account. Users who clicked on that link were redirected to a page where they were catfished into entering their credentials and details, which gave the attacker all the information they needed.

As users are well aware of these techniques, hackers have come up with a unique way of getting these users to click on these malicious links.

According to research by Secureworks, its research team identified a phishing campaign targeting high-profile social media and Instagram accounts so that the attackers can use them for their own benefit.

"Researchers identified numerous Instagram accounts compromised by pharabenfarway, indicating this campaign is widespread. CTU analysis revealed a large list of domains used in the campaign. Based on the domain creation dates, the campaign likely started in August 2021. A September underground forum post references pharabenfarway and advertises hijacked Instagram accounts for up to $40,000 USD."

A fake notification would pop up on the user’s screen telling them that one of their pictures has been reported for copyright infringement. The user would then be shown an appeal button that redirects them to a webpage asking for their login credentials. This link isn’t an official Instagram link; it points to a fake domain used by hackers to get the information that they are after.

Once the user enters their password, the attacker has access to their account and can exploit anything and everything. They can send spam messages and links to your friends and change your username, which would indicate that the account has been compromised.

It is better to be cautious whenever you are entering your credentials on a website, because it could be a fake website created by an attacker to lure in its prey. No matter how real it may seem, it is always a good option to check the domain and the authenticity of the website. Analysts revealed that having MFA or 2FA increases an account’s security by around 99%, which makes it hard for attackers to gain access to your account.
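
The domain check recommended above can be applied mechanically before any credentials are typed, for instance in a mail or chat filter. The following Python is an added example, not code from the article or from Secureworks; the allow-list `OFFICIAL_DOMAINS`, the function name and all sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as official.
OFFICIAL_DOMAINS = ("instagram.com",)

def classify_login_link(url):
    """Return (verdict, reason) for a link that leads to a credential form."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("reject", "unparseable URL")
    if parts.scheme != "https":
        return ("reject", "not HTTPS")
    if not host:
        return ("reject", "no host")
    # "https://instagram.com@other.example/" really goes to other.example.
    if parts.username is not None:
        return ("reject", "userinfo before '@' disguises the real host")
    # Punycode or non-ASCII labels can render as lookalike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("reject", "internationalized host name")
    # Match on a label boundary: the host must be the domain itself or end in
    # ".<domain>", so "instagram.com.other.example" and "notinstagram.com" fail.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return ("official", host)
    return ("reject", "host is not under an official domain")

# Constructed sample links (not indicators from the campaign).
SAMPLES = [
    "https://www.instagram.com/",
    "https://instagram.com.copyright-appeal.example/login",
    "https://instagram.com@copyright-appeal.example/",
    "https://notinstagram.com/",
    "http://www.instagram.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", classify_login_link(link))
```

A link that passes this check is only on the expected domain; MFA or 2FA is still what limits the damage if a password is entered on the wrong page.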
