DUBAI: Phishing has become one of the main methods for hackers to access the personal information of social media users across different platforms.
The online hoaxers typically use deceptive messages that appear to come from an official source such as a bank, social media platform, or email service to encourage users to download an attachment or click on a link.
Nadia Diab Caceres, public policy manager for Instagram in the Middle East and North Africa region, told Arab News: “Phishing is one of the most common types of cyberattacks and it can take many forms – from fun quizzes about your favorite cereal brand to receiving direct messages claiming to be from Instagram about issues with your account.”
Instagram users, in particular, have been the target of many such attacks. In September, Romania’s cybersecurity incident response team warned about a targeted campaign against Instagram users in the county, and last year TrendMicro reported similar activity led by Turkish-speaking hackers preying on high-profile accounts on the social networking platform.
Diab Caceres did not reveal the number of users that had been subject to phishing but said: “Phishing on social platforms is an evolving issue that has been increasing in both frequency and sophistication.
“We are constantly evolving our safety and security features to protect our community from cyberattacks. We have strong defenses in our existing security tools and features, and we continue to upgrade these in line with the needs of the times.”
As part of its efforts to raise awareness and increase usage of its safety tools, Instagram has collaborated with influential content creators including Khaled Mokhtar, Amr Maskoun, Aly Osman, Adel Aladwani, and Mazen Yaseen.
Additionally, it is educating users on steps they can take to protect their accounts.
One such way is its new security checkup feature that guides users whose accounts may have been hacked through the steps needed to secure them, including checking login activity, reviewing profile information, confirming the accounts that share login information, and updating account recovery contact information such as phone number or email.
Another method users can take is to enable two-factor authentication, whereby they receive a notification or are asked to enter a special login code when someone tries logging into their account from a device the platform does not recognize.
Enabling login request is available to users setting up two-factor authentication on Instagram. Any login attempt from an unrecognized device or web browser triggers an alert showing details of the device that tried logging in and its location. Users can then approve or deny the request from their already logged-in devices.
A further safety step is to update phone numbers and emails. Instagram advises users to always keep the email and phone numbers associated with their device up to date, so the platform can reach them if something happens to their account, as well as aid the recovery process even when a hacker changes their information.
In addition, Instagram encourages users to report suspicious or spammy accounts and content to help the platform better combat attacks.
There has recently been an increase in malicious accounts direct messaging people to try and access sensitive information, such as account passwords, by falsely stating that the user account is at risk of being banned, that users are violating Instagram’s policies around intellectual property, or that their photos are being shared elsewhere.
Users are urged to report these accounts to Instagram which has stressed that it would never send a direct message to users and would only communicate through the emails from Instagram tab in settings.
“Instagram is a people’s platform, and we are at our strongest when our entire community is aware of and uses the safety features at their disposal,” said Diab Caceres.
