CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
  • Home
  • News
  • Insights
  • Resources
Instagram logo on a smartphone with a security padlock showing hacked Instagram accounts
Cyber SecurityNews
·3 min read

Attackers Publicly Demanding Ransom From Hacked Instagram Account Owners in a Brazen Phishing Campaign

Alicia Hope·February 14, 2022
TwitterFacebookLinkedIn

Security researchers at Secureworks Counter Threat Unit (CTU) discovered an Instagram phishing campaign targeting corporate and influencer accounts with a large number of followers. The hackers gain control of the targeted account through phishing and force the victim to pay a ransom to repossess the hacked Instagram account.

The attackers accuse the Instagram account owner of copyright infringement and threaten to delete the account unless the target fills an appeal form. They provide a link leading to a customized phishing landing page resembling the target’s account.

The page contains an appeal button leading to a fake login page that demands the victim’s Instagram login credentials. Once the victim provides the username and password, the hackers gain access to the account.

Attackers modify the hacked Instagram account and publicly demand a ransom

After gaining control of the Instagram account, they modify the account’s username and change the hacked Instagram account’s password. The modified username is a variation of “pharabenfarway” followed by the number of followers.

The attackers then post a message on the user’s bio stating that the hacked Instagram account is held to be sold back to its owner.

Additionally, they include a shortened link to a WhatsApp URL and a contact number. Clicking on the WhatsApp link opens a chat with the attackers. They also contact the victim using the phone number listed on the hacked Instagram account and begin negotiating a ransom.

The researchers identified the threat actors behind the Instagram phishing campaign through a pbfy[.]business website as Pharaben and Farway. The suspected Turkish and Russian citizens describe themselves as “advanced experts in social media and hacking.”

Pharaben uses a contact number with a Russian country code, while Farway’s phone number has a Turkish code suggesting they are citizens of these countries.

Additionally, one of the phishing pages references a Turkish file-sharing service hizliresim[.]com, and one threat actor has communicated through a Turkish Instagram account.

In August 2021, a threat actor identified by the same moniker had posted on an underground forum selling hacked Instagram accounts for $40,000.

Significant damage to corporate social media accounts

The researchers warned that while social media hacking seems insignificant, threat actors could access email accounts or other corporate resources via hijacked Instagram accounts. Additionally, the hackers could misuse a hacked Instagram account to damage an organization’s brand and reputation to gain more leverage and force ransom payment.

“The popularity of social media has made it a primary communications platform for many organizations,” says Chris Clements, VP of Solutions Architecture at Cerberus Sentinel. “Having that hijacked by cybercriminals is at best embarrassing and at worst can cause significant reputational harm.

“An account taken over that makes embarrassing posts can be funny, but there is also a danger of real harm if the attackers’ posts are more malicious. Scams such as the incident with Twitter’s internal tools being used to hijack several popular users in 2021 to steal cryptocurrency can defraud consumers who trust the brand.”

Clements adds that cybercriminals could post malware links on corporate social media accounts, causing data loss and privacy infringement. Similarly, the compromise of social media accounts used for coordinating various activities could cause chaos.

“For example, a college or school account that gets hijacked may be able to cause problems by posting that classes have been canceled when they, in fact, have not.”

Similarly, many influencers depend on their Instagram accounts for income and are likely to pay to avoid losing their source of livelihood.

“Given the value of influencer social media accounts, and the time, effort and cost it would take to create a new account and reclaim followers and a verified or trusted status, the victims are likely to pay to recover the account,” says Erich Kron, Security Awareness Advocate at KnowBe4.

The researchers listed the indicators of compromise including phishing domain IP addresses and threat actors’ usernames to help Instagram account owners defend themselves against phishing.

Surprisingly, the phishing campaign reportedly continued despite the hackers posting the same message on all hacked Instagram accounts’ bio and announcing their criminal intent.

Hacking Instagram accounts not new

Hacking Instagram is hardly a new phenomenon. Influencers have frequently fallen victims to fake promotion offers only to lose their accounts. However, hackers have become emboldened by inaction and bureaucracy that they can openly announce their intentions.

“Because of the difficulty in contacting a human when dealing with social media account issues, this can make taking back control of the account difficult or impossible,” says Kron noted. “Any recovery emails or codes sent in the account recovery process are instead sent to the attackers.”

#Hackers allege copyright violations from posted content, direct influencer and corporate Instagram account owners to #phishing page to compromise accounts before demanding ransom. #cybersecurityClick to Tweet

Kron says social engineering has become easier as attackers exploit their victims’ heightened emotional state to manipulate them to blindly enter their account credentials.

“By leveraging fear of a copyright infringement claim, something that can be a significant legal burden and a potentially costly issue, the attackers force a knee-jerk reaction by the victim.”

 

TwitterFacebookLinkedIn
Tags
Hacked Instagram AccountInstagramPhishing
Alicia Hope
Staff Correspondent at CPO Magazine
Alicia Hope has been a journalist for more than 5 years, reporting on technology, cyber security and data privacy news.
Related
Hacker using mobile smartphone calling victim showing remote monitoring and management software used in phishing of federal agencies
Cyber SecurityNews

Hackers Breached Multiple Federal Agencies via Remote Monitoring and Management Software

February 2, 2023
Hacker working on computer showing search engine ads used for malware and phishing
Cyber SecurityNews

FBI: Hackers Are Using Search Engine Ads for Phishing and Malware Distribution

January 6, 2023
Finger tapping Instagram icon on black mobile phone screen showing GDPR fine for privacy settings
Data ProtectionNews

€405 Million GDPR Fine for Instagram Over Privacy Settings for Underage Users

September 9, 2022
Senior business man using mobile phone showing whaling attacks
Cyber SecurityInsights

How High-Level Employees Can Defend Against Cybersecurity Whaling Attacks

July 15, 2022
Boy and father playing games showing account takeover via phishing and social engineering
Cyber SecurityNews

EA Confirms Account Takeover Attacks Compromising High-Profile Gamers via Phishing and Social Engineering Attacks

January 20, 2022
Close up of hacker hand using laptop with email icons showing phishing-as-a-service
Cyber SecurityInsights

Phishing-as-a-Service Brings Cybercrime to the Masses

January 20, 2022
Security locks with a fish hook on computer keyboard showing phishing and cybersecurity culture
Cyber SecurityInsights

Can Your Cybersecurity Culture Stand Up to the Latest Spear Phishing Techniques?

December 8, 2021
Man holding smart phone with YouTube logo on screen showing phishing of YouTube creators for cryptocurrency scams
Cyber SecurityNews

Phishing Campaign Targets YouTube Creators With Cookie Stealing Malware To Hijack Accounts And Stream Cryptocurrency Scams

November 1, 2021

Latest

Hands holding smartphone using Google Fi service showing T-Mobile data breach

T-Mobile Data Breach Includes Massive Compromise of Google Fi Service, Unknown Quantity of Customer Records Exposed

Data Privacy’s Tipping Point: Where We Go From Here

Hacker using mobile smartphone calling victim showing remote monitoring and management software used in phishing of federal agencies

Hackers Breached Multiple Federal Agencies via Remote Monitoring and Management Software

Taylor Swift on stage showing bot attack on Ticketmaster

Ticketmaster Says Bot Attack Is To Blame for the Misfortunes of Taylor Swift Fans

- Advertisement -

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use

Stay Updated

CPO Magazine

News, insights and resources for data protection, privacy and cyber security professionals.

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use
Do Not Sell My Data

Stay Updated

Follow Us

© 2022 Rezonen Pte. Ltd.
CPO Magazine - News, Insights and Resources for Data Privacy, Protection and Cybersecurity Leaders
  • Home
  • News
  • Insights
  • Resources
    Start typing to see results or hit ESC to close
    U.S. Data Breach Regulations EU GDPR Facebook
    See all results