Instagram’s Dark Side: Sexual Harassers, Crypto Scammers, ID Thieves
A platform for everyone to seamlessly share their best moments online, Instagram is slowly turning into a mecca for the undesirables—from sexual harassers to crypto “investors” helping you “get rich fast.”
The Gram today has a dark side that goes beyond fancy filters and reels. The network is being actively abused by shady marketers to promote obscene content or by Bitcoin investors with dubious whereabouts.
Dubious ‘crypto investors’ take the stage
It’s one thing to appreciate, like, and share people’s finest shots taken from the comfort of their vacation cottage or shiny new Cadillac, but you’d be wise to steer clear of lavish Instagram profiles that look far too promising.
Spam profiles and romance scams (think The Tinder Swindler) are hardly a new occurrence on social media. But, in recent times BleepingComputer has seen an increase specifically in suspicious “crypto investors” hogging platforms like Instagram.
Also Read: September 2021 PDPC Incidents and Undertaking: Lessons from the Cases
Such profiles typically contain terms like “FX” or “forex” (Foreign Exchange), “trading,” “financial freedom,” “get rich fast,” and emojis representing coins and financial charts in their bio.
It is entirely possible for real blockchain enthusiasts and consultants to maintain social media profiles much like any other legitimate businessperson or company would.
But, the scammers we refer to are stealing the identity and photos of real people, including that of known FinTech personalities, and repurposing this data to craft their “investment” profiles.
I can also confirm receiving over a dozen ‘follows’ or direct messages (DMs) weekly from Instagram profiles claiming to be part of financial schemes or selling crypto.
American investor and hedge fund manager, Mark W. Yusko is one such person whose identity is being misused by not one—several Instagram scammers.
Yusko, who serves as the CEO of Morgan Creek Capital Management spoke about the issue this week:
“I guess imitation is the sincerest form of flattery, but this type of nonsense to try and scam people is crazy,” says the investor after coming across several Instagram profiles pretending to be him.
Such profiles will typically feature real pictures of a person combined with “stories” showing photos of luxury resorts, cars, jewelry, and goods that reflect a finer lifestyle. Mentioned alongside are terms implying how the person (scammer) got rich by investing in crypto and discovered their financial freedom—and how you can also do the same.
Typically, you’d get a new ‘follow’ or an unsolicited direct message (DM) from a stylish “crypto investor” enticing you to explore “new business opportunities.”
“Instagram is absolutely awful at policing scams and makes reporting them a nightmare… I rarely use IG (mwyusko) and I will NEVER ask you for money or crypto,” warns Yusko.
What’s appalling is, Yusko’s real Instagram account has a following of under a hundred users, whereas the crypto scammer imitating him has garnered over 18,000 followers:
A YouTuber and Nintendo content producer who goes by ‘Shibby120’ warns that people are indeed falling for such scams:
Whenever Shibby120 is approached by an Instagram scammer, he decides to “have fun with them” over DMs:
Two days ago, Carrington J. Tatum, a reporter with MLK50 announced his Instagram account getting hacked to promote crypto scams.
BleepingComputer has come across several other people bearing the brunt of these Instagram profiles that are surging in number.
Crypto enthusiast FEYI warns that such projects, especially NFTs promoted on Instagram are most certainly ‘rug pulls.’
Also Read: The 5 Important Things To Know In Security Pen Testing
Rug pulls refer to instances of a crypto exchange or project collecting large sums of money from unsuspecting victims after making lofty claims of big returns on investment, and then vanishing with the funds altogether:
From zero fans to Onlyfans
Another upwards trend on Instagram these days is that of blank profiles or nearly empty profiles used for promoting adult content. These profiles have minimal to no information except for a profile picture and have zero to a handful of followers and posts.
These accounts serve no purpose other than having external links in their profile descriptions that lead to adult content or Onlyfans pages.
The person operating these profiles may approach users via unsolicited DMs or follow requests, urging the user to check their content out.
One such profile, out of the many seen by BleepingComputer, is shown below:
Notice how “Zachary Adams” follows about 200 users but has got under ten followers and zero posts.
The external link in the bio does not lead to a real person’s profile or Onlyfans account either, but a spam website featuring adult content that is unrelated to the “Adams” in question.
Once again, it’s entirely possible for adult performers to maintain a social media presence and interact with their fans, but nearly-empty profiles are an instant red flag and could very well be a case of impersonation and identity theft.
I have repeatedly come across cases where photos of my friends were lifted off their Instagram profiles and reused by scammers to create fake Instagram personas promoting sexual content and services.
Such actions of spammers, including sending inappropriate links and unwanted risqué content to users (via DMs) do very well constitute online sexual harassment.
They can especially have a negative impact on the online presence of honest users who may not even be aware that their images are being used for illicit online activities.
What can you do to protect yourself?
Unfortunately, the pace at which suspicious accounts are springing up on Instagram seems to outrank the platform’s ability to take these accounts down.
As such we are not sure how efficient or effective reporting suspicious profiles to Instagram is.
Some even wonder if virtually every user on the platform will gradually get scammed by the new crypto and forex scams that continue to surface on Instagram:
Others report long delays when attempting to get the Facebook-owned platform to tackle cases of hacked accounts:
The simple advice remains to steer clear of accounts that are blank or appear to have zero to few posts and followers. If not malicious, these could just be “sock” accounts looking to scrape your content or stalk you.
It might be a good idea to tweak your Instagram’s privacy settings, or perhaps to switch to a private account.
If approached by profiles promoting crypto schemes or making heightened promises of doubling your cash, it is best to cease interactions, and preferably block the account so they can stop hounding you and your connections.
For those with private Instagram profiles, think twice before accepting follow requests or DMs.
For example, an attractive-looking user or an empty sock account may first request to follow you, and once in, steal your identity and intimate photos. They can later reuse your content in their crypto or adult scams. As such, new requests from unknown accounts must be carefully scrutinized.
If you come across a “second” or “backup” account belonging to your friend, it is best to contact them outside of Instagram to confirm if they are indeed the ones behind this account.
BleepingComputer contacted Instagram and its parent company Facebook (Meta) well in advance for comment but we have not heard back.