Instagram is a social site for posting and sharing photos. According to the October
security report from Symantec, it's also beginning to harbor security threats.
Wherever there are lots of users, there will inevitably be attempts to trick users into revealing confidential information, and Instagram is only the latest to attract the attention of security watchers. In addition to the new Symantec report, there have previously been several reports of security issues with the privacy setting and other aspects of the site.
The Symantec report's author, Cyber Security Threat Analyst Ben Nahorney, found the threat he explored on Instagram took the form of enticing links and followers.
The Suspicious Trail
He said the trail began when he found a notification on his phone about a comment posted to his Instagram account. The comment read: "Hi there, Get a FREE Game in my Profile, OPEN it up, Get 85.90$ :-) xx."
The profile contained a photo of an attractive blonde woman with more than thousands of followers and a link. Nahorney noted that the link was in the profile, and not in the comment, apparently because Instagram might automatically remove a suspicious link in a comment.
Nahorney said he followed the link under controlled conditions. It led to an offer for a premium service that would send videos of cute animals for a small price each month. To sign up, the service required the user's phone number, which he did not supply.
But, after he deleted the comment on Instagram, Nahorney noticed that his follower count on Instagram doubled in a two-hour period -- and they all had photos of attractive women, none had posted any photos, and each one had a Profile bio with a shortened URL. Although each shortened URL was different, they all led to the same place -- an ad for social media jobs, all of which required your name and email address to obtain more information.
Nahorney noted that this new threat could lead to phishing scams, among other possible security issues. His advice to users is to set your account to Private, don't follow unknown followers, and don't click shortened URLs unless you know where they lead.
As an optional precaution, Nahorney suggests not following or accepting followers without photos -- unless you know the person in question.
In other security news, Symantec's October Intelligence Report also noted the rise of a new kind of ransomware, in which a screen is locked and an audio file is repeatedly played: "FBI warning: Your computer is blocked for violation of federal law!"
On the good-news front, the report said the global ratio of spam in e-mail fell by more than 10 percent since September, which the report attributed in part to lower spam activity emanating from Saudi Arabia. Additionally, overall phishing attempts in October decreased about 22 percent.