This elaborate scam uses social engineering to trick victims into sending the hacker Bitcoin while holding Instagram accounts hostage.
It’s an interesting use of hacking skills. According to a recent story on Motherboard, hackers are taking over Instagram accounts using spoofed Instagram logon pages and promising to release the hostage account to its owner if they create a video promoting a bitcoin scam in which the Instagram victim states they “invested” in bitcoin and are getting amazing returns on their investment.
Instead of releasing the account, the hackers share the video in an attempt to get account followers to send the hacker Bitcoin (with no return on their “investment”, of course).
We’ve seen attacks like this previously on Twitter, with high-profile accounts being hacked to promote these same kinds of scams. But the video angle (especially if the account owner puts some effort into make it seem legitimate) is an interesting form of hostage-based social engineering. I’m wondering if ransomware actors may take to this tactic, forcing victim organizations to get followers on social media to do something similar.
The crux of these attacks start with a credential attack on the influencer’s Instagram account. Whether it’s password spraying or a credential theft attack, individuals who as savvy to the ways of these kinds of attacks through Security Awareness Training will have strong and unique passwords for accounts, as well as won’t fall for spoofed logon pages.
Request A Demo: Security Awareness Training
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW