Beware: the next trusted post by your favorite Instagram influencer could contain phishing links to steal your bank login credentials

A novel and extensive scam campaign targeting both Instagram and banking customers in Indonesia has been uncovered.

In one cybersecurity firm’s user base, more than 600 hijacked Instagram accounts were discovered to have been used to spread phishing links to fake websites disguised as login pages of mobile banking applications for one of Indonesia’s financial institutions.

Additionally, 1,000 affiliated fraudulent domains were detected spreading phishing content at the request of the actors behind the website spoofing.

The scam campaign was launched as early as September 2022 to find insecure Instagram accounts and take control of them. After obtaining access, the fraudsters changed the settings to lock out the legitimate owners, who usually had a considerable number of followers. For example, the account of a popular Indonesian football coach with over 23,000 followers was compromised by the scammers to snare people with phishing links embedded in fake posts.

Why target Instagram influencers?  

The scammers’ end goal is to get unsuspecting victims to visit a phishing website disguised as a log-in page of a mobile banking app, to steal credentials. For this purpose, the fraudsters have created multiple phishing domains that mimic legitimate ones. New spoofed websites are continually being created and registered.

In some hijacked Instagram accounts, the scammers did not even bother to delete the previous owners’ content.

According to Aditya Arnanda, Digital Risk Protection Analyst (Indonesia), Group-IB, which disclosed the scam in its customer ecosystem: “There is a good reason why scammers prefer Instagram. According to our findings, social media became the number one channel for the distribution of scams in the (region) in 2021. More than 75% of all scams analyzed by Group-IB were observed in social media. Instagram turned out to be the scammers’ favorite platform in APAC. It is easier to inspire trust in social media and visual content tends to resonate with people more.”