Like we said over and over, scammers are quick. We got an email from a client today related to the Instagram takeover scam. When a scammer send you a link that you have to do a screenshot of it and send it back to the scammer as a confirmation. Once they get the code, they can change the password (and then email and all the information) and can take over your account to promote scams to your followers (usually Crypto or Coaching etc.).

With the new 2023 Ed Sheeran Tour coming in the next few months, I found it interesting that they use him as a pretext to start a conversation and luring people in sharing links or screenshot. In this example, the scammers as the victim if they are willing to vote for Ed Sheeran in a contest for the best celebrity on Instagram. (ON Instagram).

The victim ask how, and then the scammers first congratulate them for being such a great fan and tell them that they are going to receive a text message with a link, Don’t need to click on it, but just share the message to make sure you voted. It’s pretty easy to realize the scam when we think about it clearly, but the scammers use the excitement from the fan to vote for their best celebrity and, if doing that at night or early morning, it’s pretty easy to fall for it.

The message goes as follow:

— Hello this is Ed Sheeran fans club and I believe you are also a fan. Ed Sheeran is contesting for the best celebrity on Instagram… Can you for for him so that he can win this year?

— How

— Ok thanks for being a great fan

— You will receive the link through your SMS. Once you receive the link you don’t have to clink it tho…or it would be void. All you need is for you to screenshot to me to confirm it.

— Got it?

It’s possible that the account used by the scammers (in this example a fan club account) got scammed to in the first place, so the victim would trust it more as they are already following that account). If something like this happen to you, if anyone (even close friend) ask you to receive a code or a link on your phone or email, just DO NOT DO IT. There is not a single valid reason for it. As you can see in this example, the scammers didn’t had to ask for the victim phone number, as it was simply send from Instagram Password Recovery directly).

They would use any pretext to get to you account, so make sure to stay protected. You should have 2FA activated on all your accounts (especially Facebook, and Instagram or your other emails, social networks) to make it harder for scammers / hackers to get in to you.

You can also use our service “Is this a Scam?” To help you stay current with scam trends and having someone to ask all the questions you might have concerning scams or online fraud.

We’ve added a contact form below if you just want to ask us any question you might have on that subject.