We are going to explain to you how to avoid being scammed by fake accounts when you enter an Instagram contest, something you are going to be exposed to often. It is quite common for some official accounts of companies or services to run raffles from time to time to reward their users and gain new followers, and since cybercriminals are always on the lookout, they often take advantage of them to deceive people with phishing campaigns.
Normally, these types of campaigns are carried out using accounts that try to impersonate the identity of the one who is doing the contest, with similar names and the same profile image, although putting in their descriptions that they are the accounts in charge of delivering the raffle prizes. We are going to give you a few tips to try to avoid falling for these deceptions and end up giving your data or your money to strangers.
Today we are going to refer to a specific type of deception, that of false accounts that can try to deceive you when you participate in the contest of another very famous account or with many followers on Instagram. We will leave out other types of deception such as fraudulent contests, although many of the steps that we will tell you can be applied here as well.
How this kind of deception works
The phishing, is a type of computer attack. The word means fishing, and the technique used is that of cast hooks to as many people as you can using fake messages, hoping that at least a small part of them will fall into the trap and do what they want. Here, depending on each campaign there may be different types of consequences.
They can simply obtain your data, make you make a payment to them, or install some dangerous virus that steals your accounts, as happened in FluBot, the attacks posing as FedEx. Therefore, they can be relatively simple attacks to steal small amounts of money or your personal data or be much worse attacks, so it is best to try not to fall for them.
These campaigns are usually quite simple. What the attacker does is create an account with which to impersonate the official. For example, if you want to pretend to be Xataka, you would put something that includes the word as a username, as a real name Xataka, and as a profile image the same one that our official account has.
If he’s trying to cheat you out of a contest you’ve entered, it may say in its description that it is the account in charge of distributing the prize. Thus, when they follow you to follow you and you enter their profile to see who they are, you could make the mistake that you have won the prize and they have followed you to give you the reward.
If you take the hook and follow this account, then they will write to you from it to try to finish tricking you. Sometimes, they may simply ask for your details to obtain them and try to send you some other type of deception campaign by phone or email. But others, they can send you a link to a fraudulent website in which they ask you to follow certain steps to steal money or install a virus.
Tips to avoid phishing fake accounts
There are several steps you can take to avoid this type of deception, things to keep in mind to detect fraudulent accounts or that something is wrong, and that perhaps not everything is as beautiful as it seems. They are simple things that you can easily remember.
The first thing is that never trust messages that ask you for additional steps or a final challenge to complete the contest. These steps should always have been specified in the bases, and never trust anyone who then asks you to do more things. In this case, not even if it is the same account that made the contest, as it may be a fraudulent contest.
The normal thing is that no different account is used to award you the prize. When you participate in the draw for an account, it will be from that same account that they contact you to send you the prize or tell you what you have received. Therefore, be wary of any account that claims to be specific to award you the prize on behalf of another.
These types of Instagram contests usually require you to follow the account that runs them to participate. Therefore, if you see that what appears to be that account has followed you, but when you enter their profile you are not following them, then it is an obvious clue that it is not the same account.
Fraudulent account names will always be different to those of the original account. Sometimes it can be difficult to identify them because they use similar descriptions or the same profile image, but you will have to look for the account of the contest you participated in or the message in it to see their username and thus not fall into the trap. If the official account where the contest is held is verified, then you should be wary of any other account that is not.
When one of these accounts writes to you, there is a trick to know if it is the one that really did the contest. Look at their posts to check that among them is the one of the contest in which you participated. If you see that something is wrong, such as that it has fewer responses than you thought or your message does not appear, be suspicious. While fraudulent accounts typically don’t even bother creating bogus contests, many are with blank posts.
You must be very careful if they write to you with a web address. If it is the official account, it is possible that it will send you to a website to fill in data, but this website should always have its own domain, or be perfectly recognizable. Be suspicious of all messages that add a shortened URL in which you do not know which page you are really going to, because that way they can put you on a fraudulent page.
The scams of fraudulent accounts in contests, usually send you to pages where you have to do something else. If you have won the contest, it is unlikely that you will have to take more steps on an external website, that is, be very careful with the accounts that tell you that it is worth, that you have won, but that you still have to do other things.
As for the website you can go to, there are two things that you should pay attention to. First, look at the URL you have reached, since if it is not the official domain of the company that runs the contest, you should be suspicious. You should also look at the quality of the images on the web, even visiting it from the PC instead of the mobile, since in the fraudulent pages copy paste images are usually added.
Don’t trust even if you see the same Instagram photo from the contest, since the one who wants to deceive you may have downloaded and uploaded it to their fraudulent website. And of course if from that website you are sent to some other via some link, then close immediately.
It is also possible that in the message that you get from the fraudulent account or from the phishing website they try to hurry you so as not to give you time to think, saying that you only have so much time to do everything or something similar. And of course, never trust someone who tells you that you will go to a process in which a code will arrive on your mobile that you have to give them, contests don’t work like that and it could be a code to access your device.