Anyone can fall for online scams — even you. Here’s how to avoid them.

Alison Giordano just wanted to help out a friend, but instead, she almost lost her Instagram account.

The scam was pretty sneaky: A friend messaged Giordano (who, full disclosure, is a friend of mine) on Instagram asking if she could help her win a contest. The friend would send her a text with a link, and all Giordano had to do was take a screenshot of the text and send it back to her friend. Giordano did as instructed. Moments later, she got an email from Instagram saying someone logged into her account from a different location on a different device.

A screenshot that causes your account to be hacked sounds like a lower-stakes but higher-tech version of The Ring, but what happened to Giordano is actually quite simple. There was no contest, and the text didn’t come from her friend. Giordano’s friend (or, almost certainly, someone who took over her friend’s account and was pretending to be her friend) went to Instagram’s password reset page and requested a reset link for Giordano’s account. That prompted Instagram to send a text to Giordano with a link to access her Instagram account. The URL of the link was in the text, so when Giordano took the screenshot and sent it back, the scammer simply entered the URL in their device, and that let them access Giordano’s account — no password or supernatural curses necessary.

Fortunately for Giordano, she saw Instagram’s email almost immediately and was able to get back into her account before the scammer took it over. She blocked her friend’s account, changed her password, and enabled two-factor authentication.

“I was just very naive and trusting,” Giordano tells me. “I felt pretty stupid when all was said and done.”

She shouldn’t have. The Instagram messages came from what appeared to be a friend, and Giordano’s other friends have asked for her help with (real) social media-based contests in the past, so of course she didn’t think much of it. She certainly didn’t think sending a screenshot could compromise her account. Until we spoke, she didn’t even know how it happened — it took me a while to figure it out too, until this tweet warning about this kind of scam clarified things. If Giordano hadn’t seen that email from Instagram, her account might have been lost to her forever, probably going on to try to scam all of her friends.

We’d like to think that scams happen to other people who aren’t as smart or savvy as we are. Many people who get scammed believe this, which is why the vast majority of them will never report it: Either they don’t know they were scammed or they’re ashamed to admit that it happened to them.

But it could happen to anyone, including you.

“The reason why these scams work is because some of them are good,” Yael Grauer, content lead for Consumer Reports’ Security Planner, tells Vox. “Even though I think education is important, there’s a reason social engineering is a thing. You can’t be perfect and on guard all the time.”

Scammers prey on our biggest fears and strongest desires. They get better all the time, so it’s worth your time to learn how to recognize their tactics. The mediums scammers use may change, but many of the underlying strategies stay the same — which means the recommendations for how to protect yourself from them do too.

Don’t panic …

When I got an email saying there was a new login to my Twitter account from Moscow, my initial response was abject terror (My checkmark! My DMs! My reputation!). At first glance, the email looked a lot like the login confirmation emails that Twitter actually sends. Even the email address it was sent from was very close to the one Twitter uses for such notifications. I admit that I almost clicked on the account restoration link. Then the adrenaline wore off, and I realized that the email came from “twitter-act.com” and not “twitter.com.” It was sent to my work email, which isn’t attached to my Twitter account, and it had a typo. Most importantly, I remembered that some of my co-workers had gotten similar phishing emails only a few days before. I actually knew to expect this one, but all of that fell out of my head for a few seconds — which was exactly the point.

“It’s really, really hard for us to access logical thinking when we’re in a heightened emotional state, and it’s so […]
