#NoFilter: Exposing the Tactics of Instagram Account Hackers Threat Researcher

If the user unwittingly hands over their real credentials, the cybercriminals proceed to change the account’s password so that the original owner loses access to the account. They then mine the account by downloading all images and messages either manually or through Instagram’s data backup feature. The hackers might even modify the account bio, share content via the stories feature, or reach out to the victim’s contacts.

At the same time, the hackers start to negotiate with the victim. They usually operate the hacked account while the victim talks with them using a different account. They then demand payment in the form of bitcoin, prepaid credit cards, or vouchers in exchange for the restoration of access. Based on the activity spotted in some of the bitcoin wallets related to this campaign, it seems that some targets might have paid up.

However, the negotiation is merely a ruse. They do this only so that the victim will not be compelled to report the incident via the proper channels, and so that they can buy some time, as downloading all the data from the account can take up to two days. After the victim pays up, the hackers will not give back the account. On the contrary, they will just ask for more payment.

On many occasions, a single malicious actor is manually compromising several accounts at once. There are also cases where each malicious actor belonging to a group has a designated role in the campaign, such as the operator of the hack, the collector of payment, or the leader who oversees the operation.

Of the stolen accounts that the hackers choose to keep, those with at least 50,000 followers are used to keep the scams operational, while those with followers numbering between 10,000 and 20,000 are used as proof to show among peers that a hacker is part of the crew.

Some hackers also sell their hacking know-how in the cybercriminal underground.

In another version of the scam, hackers use a fake application form for an Instagram verified badge as a lure. The verified badge is a blue check mark that appears beside the account names of most influencers, celebrities, brands, companies, and other popular entities on Instagram. The badge shows that Instagram has verified the account owner’s identity and legitimacy.

Read More HERE