Every month, a couple accounts contact me on Instagram, say they work for the platform, and threaten to delete my handle unless I click on bogus URLs designed to collect my personal information. As far as I can tell, they’re after one thing: My blue check mark.
I’m decidedly not famous, but I have a verified Instagram account thanks to a previous job. (I ran the company Instagram, among other things.) Scammers often send me sketchy messages saying my profile has violated copyright law and will be removed in 24 hours if I don’t fill out a form. I could safely ignore the scam, and I often report it to Instagram. But lately, I’ve decided to message the tricksters back to see what I can learn about the grift.
Let’s make one thing clear before we continue: Instagram does not DM users if their posts are found in violation of the company’s policies, including copyright. The offending post would instead simply be removed, and you’d receive a notification about this action, which you could then appeal.
I’ve responded to a dozen or so of these scammers, and I’ve gleaned some new details about the method, which one phisher says “too many” people to count fall for.
The hustle I’m experiencing is an example of a phishing scheme, a common con used to trick people into sharing private information. This new Instagram strain has an added element that increases its potency: These messages can come from verified handles, which makes them look more legit.
In other words, for scammers, blue check marks can beget more blue check marks. Users are tricked into trusting the hijacked accounts, hand their information over, and get taken over themselves. Though the criteria and process around attaining Instagram verification and the…