Instagram Accounts Hacked, Altered to Promote Adult Dating Spam

Scammers are hacking Instagram accounts and altering profiles with sexually suggestive imagery to lure users to adult dating and porn spam.

Hacking Instagram Accounts

In early 2016, Symantec reported an influx of fake Instagram profiles luring users to adult dating sites. Over the year, Symantec observed Instagram accounts being hacked and used to promote adult dating spam.

The findings follow a previous report on Twitter accounts being hacked to post links to adult dating and sex personals, which bears some similarities to this new campaign. However, a direct link between them has not been established.

Observations of Hacked Accounts

Traits of a Hacked Account

When these hacked Instagram accounts were first noticed, Symantec observed a few identifying traits:

  • Modified user name
  • Different profile image
  • Different profile full name
  • Different profile bio
  • Profile link changed/added
  • New photos uploaded

The profile instructs the user to visit the profile link, which is either a shortened URL or a direct link to the destination site. The profile image is changed to a photograph of a woman, regardless of the gender of the actual account owner.

In addition to modifying the profile information, attackers upload photographs, which are often sexually suggestive. However, they do not delete any images uploaded by the account owner.

Account Passwords Changed

The attackers also change the passwords for the breached accounts, which is how the original account owners may learn of the compromise. Even after a few months, these accounts remain in the same state, indicating that the real owners may have created new accounts since.

Scammers Get Lazy or Change Tactics?

Recently, we have noticed hacked Instagram accounts lacking some previously identified traits, such as:

  • Instagram user name remains the same
  • No new photos uploaded

It is unclear why these two identifying traits have been discarded. However, everything else remains intact, including the modified profile image and link.
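
The traits above can be checked mechanically by comparing two snapshots of the same profile, covering both the earlier pattern and the later one where the user name and photos stay untouched. This is an added example, not Symantec's tooling: the field names, the constructed sample data and the rule (profile image and link both changed, plus at least one of full name or bio) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    """Hypothetical profile snapshot; these are not Instagram API field names."""
    username: str
    full_name: str
    bio: str
    link: str             # "" when the profile has no link
    image_hash: str       # any stable digest of the profile image
    photo_ids: frozenset  # identifiers of uploaded photos

# Traits the article says stay changed in both the earlier and later accounts.
CORE = ("image_hash", "full_name", "bio", "link")

def changed_traits(before, after):
    """Names of the article's traits that differ between two snapshots."""
    traits = {f for f in CORE + ("username",)
              if getattr(before, f) != getattr(after, f)}
    if after.photo_ids - before.photo_ids:
        traits.add("new_photos")
    return traits

def assess(before, after):
    """Return (verdict, variant, traits); the threshold is an assumed rule."""
    traits = changed_traits(before, after)
    if {"image_hash", "link"} <= traits and len(traits & set(CORE)) >= 3:
        # Earlier pattern: renamed, new photos added, owner's photos kept.
        full = ({"username", "new_photos"} <= traits
                and before.photo_ids <= after.photo_ids)
        return ("review", "full" if full else "reduced", sorted(traits))
    return ("ok", None, sorted(traits))

# Constructed sample snapshots (not real accounts or URLs).
BASE = Snapshot("sam_hikes", "Sam R.", "Trail photos", "", "img-a",
                frozenset({"p1", "p2"}))
EARLY = Snapshot("sam_hikes_xx", "Placeholder Name", "see link in profile",
                 "https://short.example/abc", "img-b",
                 frozenset({"p1", "p2", "p9"}))
LATER = Snapshot("sam_hikes", "Placeholder Name", "see link in profile",
                 "https://short.example/abc", "img-b", frozenset({"p1", "p2"}))
REBRAND = Snapshot("sam_hikes", "Sam R.", "Trail and climbing photos",
                   "https://blog.example/sam", "img-a",
                   frozenset({"p1", "p2", "p3"}))

if __name__ == "__main__":
    for name, snap in (("early", EARLY), ("later", LATER), ("rebrand", REBRAND)):
        print(name, assess(BASE, snap))
```

The `REBRAND` case shows why the rule does not key on bio, link or new photos alone: an owner's ordinary profile update changes those too.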

 

Affiliate-based spam

As with similar scams, the profile links redirect to an intermediary site controlled by the scammer. This site contains a survey suggesting that a woman has nude photos to share and that the user will be directed to a site that offers “quick sex” rather than dating. Interestingly, this page only appears on mobile browsers. If the user tries to visit the URLs on a desktop computer or laptop, they are sent to a random Facebook user’s profile.

Once a user completes this survey, they are redirected to an adult dating website that contains an affiliate identification number. For each user that signs up to the site through this link, the affiliate, or in this case the scammers, will earn money.

Enable two-factor authentication (if available)

Earlier this year, Instagram began rolling out two-factor authentication to its users. This account security feature would prevent the scammers in this campaign from taking over accounts. However, not all Instagram users have this feature available to them. Users can check to see if the option is accessible by tapping the wheel icon on their profile.

How were these accounts hacked?

While we do not know how these accounts were compromised, we suspect that weak passwords and password reuse are the cause, especially since over 600 million passwords have surfaced in 2016 from breaches affecting other sites. 

Report hacked accounts

If you or someone you know has had their Instagram account hacked, report the account to Instagram. Note that Instagram will only release information to the account holder and not a third party.
