Back to Reports
MEDIUM SEVERITYPUBLISHEDVerified ReportSocial Media

Social Media Giveaway Account Hijack Attempt

Anonymous Reporter
2024-01-25
Instagram
187
Upvotes
51
Comments
3,120
Views
93
Shares
$0 (prevented)
Amount Involved / Potential Loss

Report Summary

Fake Instagram giveaway required login via third-party site, leading to account compromise attempt.

⚠️ Warning Signs Identified:

  • • Pressure to act quickly without time for consideration
  • • Requests for payment via unusual methods (gift cards, cryptocurrency)
  • • Poor grammar and spelling in communications
  • • Email addresses that don't match company domain

Full Report Details

Instagram Giveaway Scam Report

Scam Setup

Platform: Instagram Story (from compromised friend's account) Offer: "$5,000 Cash Giveaway" from "Instagram Official" Requirements: "Verify account" via external link Urgency: "Limited to first 100 participants"

Attack Vector

Initial Interaction

  1. Friend's account posted story about giveaway
  2. Link led to instagram-verify-giveaway.com
  3. Professional-looking page with Instagram branding
  4. Requested login credentials "to verify account eligibility"

Technical Analysis

  • Domain: Registered 4 days prior, privacy protection enabled
  • SSL: Let's Encrypt certificate (legitimate, adds false credibility)
  • Hosting: US-based VPS, likely compromised server
  • Post-Compromise: Credentials sent to Telegram bot, then to attacker

What Happened After Login Attempt

  1. Immediate:
    • Page showed "Verifying..." for 30 seconds
    • Then redirected to real Instagram login page
    • No error message (designed to not raise suspicion)
  2. Attack Sequence (based on other reports):
    • Credentials used within minutes to access account
    • Password change requested
    • Same scam posted from compromised account
    • 2FA bypass attempted via SMS phishing

Protective Actions

  1. Immediate Response:
    • Realized mistake, didn't complete login
    • Changed Instagram password immediately
    • Enabled 2FA (authenticator app, not SMS)
    • Checked login activity (no unauthorized access)
  2. Reporting:
    • Reported phishing site to Google Safe Browsing
    • Notified friend about compromised account
    • Reported to Instagram
    • Filed with Quiet-Report platform

Impact

Accounts Protected: Own account + warned 12 friends Compromised Accounts: Friend's account hijacked for 6 hours Financial Loss: $0 (prevented) Time Invested: 3 hours (recovery + reporting)

Technical Indicators

  • Phishing kit: "InstaPhish v2.1" (known tool)
  • C2: Telegram bot @insta_verify_bot (suspended)
  • IP range: 104.21.45.* (Cloudflare proxy)

Recommendations

  1. Never login to social media via third-party sites
  2. Use unique passwords for each platform
  3. Enable app-based 2FA, avoid SMS
  4. Verify unusual posts directly with friend
  5. Report suspicious activity immediately

Evidence Provided

🖼️
screenshots.zip
Click to view
📄
url-analysis.txt
Click to view
📄
domain-whois.pdf
Click to view

Resolution

Type:

WARNING

Description:

Phishing domain taken down, Instagram security notified

Outcome:

Friend's account recovered, 2FA enabled on all accounts

Tags

#Social Media#Instagram#Account Hijacking#Giveaway#Phishing

Reporter Information

Status:Anonymous
Reports Filed:12
Success Rate:85%

Similar Reports

MPhishing

Phishing Email: PayPal Account Suspension

MEmployment

Fake Job Offer Leads to Personal Information Theft

LPhone

Fake Car Warranty Robocall Campaign

⚠️ Safety Tips

  • Never share personal information with unknown parties
  • Verify company credentials before making payments
  • Use secure payment methods with buyer protection
  • Report suspicious activity immediately

Experienced Similar?

Help protect others by reporting your experience