By REBECCA RUTHERFORD
For the Los Alamos Daily Post
Did you know that you can lose access to your social media account just by accepting a follower/friend request? It’s a little more complicated than that, but it’s worth knowing how the scam works so you can avoid it.
If you receive a request to follow you from someone you don’t know, check out their account and see if it looks spammy or not. If the account is brand new, and has a low number of followers, that can be a sign it’s a spam account. But even if the account is well established with a lot of followers, it could be a spam account, or possibly just compromised.
Recently I received a request for a follower from some random Instagram account. At first glance it looked possibly legit, it was followed by accounts I follow, and seemed to be related to a local business, did not seem to be new, and had a decent number of followers. I accepted it, and immediately received a message along the lines of “Hey, can I add you to my online clothing platform on Instagram”. Yikes. But I wanted to see what the game was, so I said “Sure”. They then responded that they would send me a message with Telegram to help me get started. I do not use Telegram, but sure, go ahead. I then received a text message from Instagram to my phone number, with a code to reset my account. Yes, the text message was legitimately from Instagram, with a real reset code for resetting my password.
At that point I just went ahead and blocked the other account, but I know the next step would have been something along the lines of “Oh hey, can you send me that code so I can get you set up on my new clothing platform?” If I had said oh yes of course, they could have used that code to reset my Instagram password, login and compromise my account.
The scam can be confusing for people. How did the scammer even get in to request a password reset? Fairly simple.
Anyone with your phone number or username can request a password reset. The password reset will go to whatever phone number you have on file, but of course the scammer can use social engineering to try to get you to send them the code needed to reset your password. You can set your phone number to be private and only viewable by you in the Instagram privacy settings, but your username will always be public, so anyone can go to Instagram, enter your username and request a password reset, then try to scam you out of the reset code.
There are many, many variations on this scam, it won’t necessarily be a “clothing platform” it can be anything and then they will try to trick you into sending them the password reset code so they can take over your account. Do not ever, ever, EVER share a password reset code from anywhere with anyone. Once the scammers have this code they can get into your account, reset the password and contact info and lock you out.
Trying to regain a compromised account on Instagram can be a pain, so it’s best to avoid ever having to take this step. Once your account is compromised, the scammers will use it to scam everyone in your friends list and others as well until you can regain access.
What you need to know – avoid accepting follow or friend requests from unknown accounts, on any social media platforms and if you accept keep in mind, they may be scammers. If they try to interact with you in ways that feel odd and you get a password reset code from your social media platform, know that you are being scammed, do not give out the code and block the scammer account. Stay safe, avoid social media scams and keep control of your accounts.
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.