Instagram verification is pretty darn strict. In order to obtain the blue badge, you need to meet a specific series of requirements—so if Instagram contacts you, informing you you’re eligible for verification, you’d probably jump at the chance. Well, don’t: It’s a scam.
It seems there are bad actors among us praying on people’s desires to be verified on Instagram. As reported by BleepingComputer, threat analysts at Vade discovered a scheme to trick people into thinking they were eligible for Instagram’s blue badge. The scam started on July 22, and they’ve been busy sending out phony messages. On July 8 and Aug. 9, in particular, scammers messaged more than a thousand accounts.
The campaign starts like this: You receive an email purporting to be from “ig-badges,” informing you Instagram has decided your particular account is worthy of a blue badge. All you have to do is click the link in the email, fill out the form, and verification is within your grasp. To add urgency to the situation, the email states you must respond within 48 hours, or the form will be deleted.
If you click on the link in the email, you’ll be taken to the form, which tries its best to appear like a legitimate verification site, complete with logos for all of Meta’s various apps. I have to point out, though, they refer to the company as “Facebook,” which does damage the credibility. Guys, small mistakes like this really poke holes in your scheme. You have to pay more attention to the details if you want to be taken seriously as scammers.
Anyway, the form asks for your Instagram username, real name, email, and phone number, before finally asking for your password. This last request is to “verify” you belong to the account in question. Sure, Jan.
Once your info checks out, you’re told you will be contacted within 48 hours to confirm your account’s blue badge. Of course, you won’t be. Instead, the good people at ig-badges now have your account’s login info (and you worked so hard on that strong password, too). If you have two-factor authentication enabled, your password won’t be enough for hackers to break into your account. But, either way, it’s never good to be interacting with scammers, especially when handing over personal information.
For the record, Instagram will never contact you directly about account verification. The only way to install the blue badge to your handle is to apply for it yourself, and meet the relatively strict requirements. It’s easy enough to prove you own the account, and that no other account representing you will apply for verification, either. It’s also simple to make sure your profile is completed, with a profile picture, bio, and public to all. The difficult bit is proving you deserve the badge in the first place. Instagram needs your account to be “notable,” which means well-known and highly searched. It’s good if you appear in multiple news sources, but bad if you paid for those promotions. Essentially, you need a following, with no guarantees either way.
All that to say, there is no reality where Instagram chooses your account for verification out of the blue. If you receive one of these emails, promptly delete it, and try not to imagine how much better life would be with a little blue check mark next to your name.
Read the full article here