INSTAGRAM users are being warned over a convincing scam that gives hackers access to your account.
Posts promising huge discounts on Ray Ban sunglasses are circulating around the social media app – but they’re a dangerous con designed to nab your details.
If you’re a regular Instagram user, you might have spotted pals posting amazing Ray Ban offers.
One post doing the rounds on Instagram promises to knock 90% off a pair of designer shades – bringing the price down from £199.90 to £17.65.
The post will link you out to a website, but it’s actually one big scam.
The Ray Ban discount isn’t real, and is almost certainly a “phishing” plot to steal your personal details – and Instagram login information.
The offer is obviously too good to be true, but it’s designed to be tempting enough to lure unwitting Instagram victims into typing in a dodgy web address.
And once your account is hijacked, crooks can use your profile to spread the scam post to even more people.
One scam victim from London told The Sun: “A mate saw the post on my page and asked me why I was posting about Ray Ban sunglasses.
“Someone had got into my account and posted the photo.
“I’d seen the same post appear on four other accounts I follow too, so it’s obviously widespread.”
How to avoid the Instagram Ray Ban sunglasses scam
Here’s what you need to do…
- First, if a promotion on social media looks too good to be true, it probably is
- Don’t click any suspicious links on social media, especially for unrealistically tempting offers on designer goods
- If you’ve been caught, you should go into Instagram settings and log out of all of your sessions
- Next, change your password to something complicated (that you don’t use anywhere else)
- Also, set up two-factor authentication so Instagram will text you with a unique code for logging in
- This gives you an extra layer of security beyond simply having a password
- And if a Ray Ban promotional post has been uploaded to your page, make sure to delete it to stop pals getting scammed too
These types of phishing scams aren’t uncommon, because they’re easy to execute and very effective.
Cracking into an account manually can be difficult, so hackers often rely on tricking you into handing over sensitive information yourself.
And premium goods offered at discounted prices are a good way for crooks to make people forget basic, common-sense cybersecurity advice.
“This appears to be the continuation of, or perhaps the resumption after a lull in, the long-established abuse of compromised social media accounts to post fake ads, or ads for fake goods,” said Nick FitzGerald, a cybersecurity expert at ESET.
“Over the years we have seen Twitter, Facebook, Instagram and other online platforms abused to post ads for various footwear brands (notably Adidas and UGG), medications, and Ray Bans, among many other things.”
It’s also possible that some of the accounts were bought up on the dark web and used to spread the scam posts.
Speaking to The Sun, Comparitech.com privacy advocate Paul Bischoff said: “It sounds like someone bought a bunch of hacked Instagram accounts on the dark web and used them to spread spam.”
We’ve asked Instagram and Ray Ban for comment and will update this story with any response.
Instagram scam – the expert advice
Here’s what Synopsys cyber-expert Adam Brown told The Sun…
- “Best practice is to be very careful of anything that you click or tap. Check the address of the link that you are about to tap and that it goes to a reputable/known address only.
- “In this example, any address ending in ‘rayban.com’ would be authentic, assuming the ‘rayban.com’ site is secure, however ‘rayban.com.offer.tv’ for example would not be.
- “In fact, a site like that would have nothing to do with Rayban and be a spoof since the real location of the site would be ‘offer.tv’.
- “In a web address, the last part (of the part with the dots and before the slashes) is the ultimate destination of the traffic, so be very clear about where you are and the information you are willing to divulge.
- “For example, ‘logging in’ to a spoof site like that leaves the attackers with your credentials; even just accessing such a site can result in unwanted control of your browser or attempts to install malicious apps.
- “Do not install apps from unknown locations or apps with dubious producers and of course, remember that if it’s too good to be true it more than likely is.”
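
The address check described in the advice above, written out as an added example (it is not part of the original article and does not come from anyone quoted in it). It assumes rayban.com is the only trusted domain and that only https links are accepted; the sample links are constructed, apart from the 'rayban.com.offer.tv' host mentioned above.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one domain the reader trusts for this brand.
TRUSTED_DOMAINS = frozenset({"rayban.com"})


def link_host(url: str) -> str:
    """Return the lowercased host a link really goes to, or '' if unparseable."""
    try:
        # The host is the part before the first slash; anything in the
        # path or query (even a brand name) does not change the destination.
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def is_trusted(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only for https links to a trusted domain or one of its subdomains."""
    try:
        scheme = urlsplit(url.strip()).scheme
    except ValueError:
        return False
    if scheme != "https":  # assumption: plain http links are rejected
        return False
    host = link_host(url)
    # Match on whole labels: equal to the domain, or ending in '.' + domain.
    # A bare endswith('rayban.com') would also accept a separate registration
    # such as 'fakerayban.com'.
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample links; only 'rayban.com.offer.tv' comes from the article.
SAMPLES = [
    "https://www.rayban.com/uk/sunglasses",
    "https://rayban.com.offer.tv/sale",
    "https://offer.tv/rayban.com/90-percent-off",
    "https://fakerayban.com/",
    "http://www.rayban.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "trusted" if is_trusted(link) else "REJECT"
        print(f"{verdict:8} {link_host(link):22} {link}")
```

Only the first sample is accepted; the others either resolve to a different host or do not use https.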