Article written by: Madura McCormack
Recently sold to Facebook for a staggering US$1 billion, photo sharing mobile app Instagram has enjoyed a year of explosive uptake.
It is so popular in fact that, according to Facebook's Mark Zuckerberg, Instagram has hit the 100 million registered user mark. Note, this was back in September.
And as with other popular social networking sites, the scammers have begun to move in. Taking advantage of Instagram's large user base and approaching from a variety of angles.
Apart from the rogue Instagram apps for Android previously reported by Trend Micro, a new scam has been making its rounds on the photo sharing site.
Cyber criminals are masking themselves as retailers, offering fake gift cards and vouchers while collecting user information and e-mail addresses.
How it works
The supposed 'retailer' posts a photo on their 'official' Instagram page asking users to follow, share, tag and state their e-mail address, with the first 20,000-30,000 followers standing to win a few hundred dollars worth of vouchers.
Retail brand names that have been used include Zara and H&M. Starbucks and
Forever21 may also be victims but the companies have not responded for comment and thus this claim cannot be confirmed at time of publication.
Though there is nothing outwardly harmful about the photos, users who repost them reveal their e-mail addresses which could ultimately be harvested by the cyber criminal and sold for spamming purposes.
Cyber criminals do make money from bulk data theft; according to Trend Micro, 1,000 Hotmail or Yahoo Mail credentials can be sold for about US$8 and 2,200 Twitter credentials for US$75. How much could Instagram credentials be worth, considering it has already surpassed Twitter in terms of active daily users.
Resisting the allure of free money
"Of late, we notice there are some problems with false H&M accounts offering gift cards etc. to consumers. We would advise people to be careful with such," advised an H&M spokesperson.
The scammer posted the false voucher giveaway under the moniker '@hmofficialinstagram', offering $300 in vouchers for the first 25,000 followers. Going a step further, the user added a website address to the description.
A visit to the website will redirect the user to a 'Claim your gift by doing this survey' site to phish more detailed personal information.
According to H&M, the company has alerted Instagram regarding the fake users and a search for the username revealed that it ceased to exist.
However a search of the '#hmofficialinstagram' hashtag showed a total of
1,098 reposted photos stating e-mail addresses.
Another brand name affected by the recent scam tactics was popular retailer ZARA, whose fake Instagram site offered a $200 gift card to 200 users a day.
A spokesperson from ZARA's external relations representative company Inditex said: "We must inform you that neither Inditex nor Zara are related in any way with the practices you mention. Indeed, once we had notice of this issue, we have opened an inquiry to find out if there has been any kind of unauthorised use of our brand."
Interestingly enough, the fake user '@zara_promo' Instagram page was still up when last checked. In place of the ZARA logo as its profile picture, the scammer had instead replaced it and his six photos with that of the troll face meme.
Protect your privacy on social networks
Security vendors Trend Micro and Symantec advice users to privatise social networking accounts, set hard to guess passwords and not to click shortened URLs.
Shortened URLs are one of the ploys set up by scammers to send you to malicious sites with viruses abound.
Even if the user seems legitimate and the offer attractive, it doesn't hurt to make a trip to the retailer's official website and confirm if they do in fact have an account on the particular social network.