I was pretty excited when I saw that ivory cashmere fitted turtleneck on Instagram. So versatile! So classic! Best of all—so inexpensive! Even if it didn’t turn out to be the most beautifully made garment in my closet, I could still use it as a layer. Right?
Wrong. When the sweater arrived six weeks later—six weeks!—not only was it not cashmere, it wasn’t even wool. One sleeve was longer than the other by about 2 inches. The stitching? Well, let’s just say it went straight into the trash since the neckline looked like I tried to make it myself. And I can’t even sew on a button.
I chalked it up to $40 down the drain and forgot about it until I started noticing all the ads on Instagram and Facebook that advertised cheap prices on everything from Ray-Ban sunglasses to drones. As tempting as it is to believe that I can score my next pair of aviators for $20, it’s also pretty easy to tell these ads are fake. But it turns out there are many ways scammers can take advantage of you while you’re scrolling through your favorite baby animal videos, memes and Buzzfeed rankings. And they’re not all built on poorly made or counterfeit goods.
5 Instagram scams to watch out for
As annoying as it is to buy a cheaply made sweater online, some Instagram scams can do a lot more damage. For example, some scams seem innocuous but are actually sneaky ways to get you to enter sensitive personal data. Others offer the promise of new love—and then, boom! They steal your identity.
Here are five popular scams that fraudulent Instagrammers use to steal your money, your identity or your sanity (although to be fair, some are overachievers who manage to do all three):
- The fake giveaway. From free airline tickets on major carriers such as Delta Air Lines to free gift cards from big retailers such as Best Buy, social media is awash with fake giveaways. You may be thinking, what’s the harm in clicking the link? But if you do, your risk of accidentally downloading malware or revealing personal data skyrockets. When it comes to giveaways, Mashable recommends avoiding any ad that uses the term “giveaway.” And of course, if it seems too good to be true, then it probably is.
- The fake warning from Instagram. In this recent scam, reported by The Sun, an unsuspecting Instagrammer gets a fake message from a hacker pretending to represent Instagram. The message prompts the account owner to enter sensitive information using two-factor authentication on a fake site with a valid security certificate, which is a particularly clever move. Cybersecurity researcher Paul Ducklin told The Sun, “Social media passwords are valuable to crooks because the innards of your social media accounts typically give away much more about you than the crooks could find out with regular searches.” Give up your password information accidentally, and not only could the hacker mine your account for other sensitive data, but they could also message others from your account and pretend to be you.
- The hacked celebrity account. This is another newly reported scam. It follows a similar pattern: The hacker hijacks a celebrity account, invites followers to complete a survey that reveals private information and then gets paid based on the number of followers who comply. Two well-known influencers, Nicole Scherzinger and Yanet Garcia, learned that hackers changed their bio sections to include a special invitation to followers. What did the bios promise? Download a certain app, and the influencer would release a sex tape.
- The romance scam. It’s amazing to think hackers would target members of the military, but it turns out there’s no scheme too vile for fraudsters to consider. Sherri Vlastuin, an active-duty medic and Instagram influencer based in Missouri, learned this the hard way, according to Stars and Stripes. Hackers stole photos from her page so they could create fake dating profiles, which is “a problem on social media platforms, particularly for American service members,” Stars and Stripes reports. What’s the scam? The fraudster used Vlastuin’s pictures to meet unsuspecting victims and trick them into sending money. Vlastuin “has reported hundreds of the fake accounts” but calls the problem “unstoppable,” according to the website. Vlastuin is just one example of the way hackers use fake dating profiles to scam unsuspecting targets.
- The get-rich-quick Instagram money scam. Unless you’re a recent lottery winner or the heir to a fortune worth millions, then you already know getting rich quick isn’t really a thing. But everybody loves a financial win, so Instagram scammers use direct messaging or a fake ad to promise outsized returns with a small investment. Be especially wary of messaging that uses hot terms like “crypto” or “bitcoin,” Yahoo Finance reports. Once you send the funds, your contact—and your money—will vanish.
How to spot an Instagram scam
Common sense and some smart tips from security experts can help you spot Instagram scams before you become a victim. You probably already know to look for clues like misspelled words and obviously fake email addresses, but hackers get trickier all the time—just like the two-factor authentication and secure website example mentioned above.
Think twice before you:
- Respond to messages from a party claiming to represent Instagram.
- Trust people you only know from Instagram with personal information such as your email address.
- Share personal information with a “business” on Instagram that “needs” your email password, home address, bank or credit card data, or Social Security number.
- Enter a contest or “giveaway” by clicking on a shortened URL.
- Enter a contest that doesn’t appear to have any rules or fine print.
- Allow a website or app to track your location or search history.
I got scammed on Instagram. What can I do?
If you purchased a cheap item as I did, you can try to get your money back (and I wish you good luck). But if you’ve fallen victim to a more insidious plot, then you’ll need to take a few more steps.
The first item on your list should be requesting your free credit reports at AnnualCreditReport.com from agencies Equifax, Experian and TransUnion. Review each closely and note any unrecognized addresses, aliases, and of course, new credit cards or unauthorized transactions. Next, report the fraudulent activity.
“Contact [the] three major credit bureaus and initiate a fraud alert,” cybersecurity expert Robert Siciliano recommended. “A fraud alert lasts up to one year and alerts lenders who check your credit that you may be a victim of identity theft,” he added.
Siciliano also recommended initiating a credit freeze, which you should consider doing even if you don’t spot any signs of identity theft.
“This has to be done at all three major credit bureaus,” Siciliano said. “A credit freeze [locks] down your credit report and prevents new account fraud.”
Finally, you’ll want to contact the police and file an identity theft report with the Federal Trade Commission. If the thief was able to take out loans using your data, these records will help lenders forgive fraudulent debts taken out in your name.
Know who you’re doing business with
Since the incident involving the world’s saddest “cashmere” sweater, I’ve become a lot more picky about the businesses I transact with on social media. That doesn’t mean there aren’t plenty of legitimate businesses advertising through social channels—there certainly are. But the rules of the web are remarkably similar to the common-sense best practices our parents taught us before “cybersecurity” was even a word. And that means I spend a fair amount of time figuring out if the people and ads I’m interacting with are really who they say they are.
If something seems too good to be true, it probably is. Listen to your inner voice. When something doesn’t pass the smell test, it’s probably rotten.