Pinterest Stumbleupon Whatsapp
Ads by Google

Someone is pretending to be me online. They’re using my name, an article I wrote, and a fake email address to try and hack Instagram accounts. In the past month, I’ve received two emails from people that my impersonator was trying to scam.

Here’s what’s going on and what you can learn from it.

The Backstory

Last year I wrote an article called 11 Hilarious Instagram Accounts You Need to Follow Right Now 11 Hilarious Instagram Accounts You Need To Follow Right Now 11 Hilarious Instagram Accounts You Need To Follow Right Now From awesome old ladies to crazy ex-boyfriends, these 11 hysterical accounts have something everyone should enjoy. Read More . It wasn’t anything dramatic, just a list of 11 Instagram accounts I enjoyed and felt other people would too. I sent it to my editor and thought nothing more of it — this is a dance I do every day. The article ran and did pretty well. End of story, or so I thought.

Towards the end of September this year, I received an email from the people behind The Exquisite Lifestyle, a luxury lifestyle Instagram account with 223,000 followers. They’d received an email from someone claiming to be me which said:

Exquisite Instagram Email

They were certain it was a scam and were kindly letting us know that something was going on.

Ads by Google

We talked it over among ourselves at MakeUseOf but came to the conclusion there wasn’t much we could do. We weren’t really sure what the scammers were trying to achieve. As a writer, I don’t normally get a lot of access to other people’s Instagram accounts! Bruce Epper, one of our security experts, contacted Google to try and get the email address shut down but nothing came of it. I put it to the back of my mind and went on with my life.

The Second Email

At the start of November I received an email from a second Instagram account. My impersonator had reached out to Clothes.Models, a fashion account with 131,000 followers, and spun them the same story. The only thing that changed was the name of the Instagram account in the email:

Clothes Models Instagram Email

The people behind Clothes.Models, however, weren’t so quick to spot the scam. They wrote back saying they were interested in being featured. What happened next gave us a lot more insight into what was going on.

The scammers responded with an email that said:

Clothes Model Email Contact Number

This is important, and we’ll come back to it.

A few days later, the scammers sent another email:

Instagram Scammer Final Email Draft

The link takes you to a fake version of the Google sign in page. Plug in your account details, click sign in and you’re redirected to the real Gmail site. The only thing is, the scammers now have your login details.

Redirect Fake Google Login

Thankfully, the people behind Clothes.Models saw the scam and didn’t try to log in. Instead, they contacted me to check if everything was above board. It obviously wasn’t, which is why I’m writing this article.

So What’s Going On?

Let’s break it down:

  • A scammer, pretending to be me, contacts a big Instagram account and claims they want to feature them in an article.
  • When they respond, they ask for a contact number.
  • Finally, they claim the article is ready and send the account holders a “Google Docs” link with a draft for them to “approve”.

Although this, superficially, appears to be okay, there are some major red flags. By the end of the process, the scammers have total control over your Gmail account and all the details they need to do a password reset on your Instagram account. They’ve also got enough information to potentially beat two-factor authentication Two-Factor Authentication Hacked: Why You Shouldn't Panic Two-Factor Authentication Hacked: Why You Shouldn't Panic Read More .

That’s a really bad situation to be in.

The Red Flags

Thankfully both Instagram accounts who contacted me caught on to the scam before it was too late. There were some big warning signs in all the emails so let’s go through them

First, writers like me don’t need your permission or approval to write about you. As long as what we say is true Think Before You Post: Can You Be Sued For Libelous Tweets and Facebook Posts? Think Before You Post: Can You Be Sued For Libelous Tweets and Facebook Posts? Libel laws have been around for centuries, but most people didn't have to worry about them. Social media changed this. Read More , we’re protected by freedom of speech laws in most countries in the world. This is especially true of an article called, “Top 15 Instagram Accounts Everybody Should Be Following”. If it’s going to be nothing but positive promotion, then there is no way a writer is going to reach out for your approval. I didn’t contact any of the accounts in the 11 funny Instagram account articles; I just wrote about them.

Second, big sites like MakeUseOf don’t use generic Gmail addresses. Each of our writers has their own AuthorName@MakeUseOf.com email that they’ll contact you through. To find any author’s email, check out their author page (here’s mine).

MakeUseOf Harry Guinness Author Page

Third, basic list articles don’t pay enough for writers to spend time reaching out to every site individually, especially over the phone. It’s a good way to make money online Your Guide to Making Money Online: Writing, Transcribing and Tutoring Gigs Your Guide to Making Money Online: Writing, Transcribing and Tutoring Gigs This is your guide to making money online. There are plenty of legitimate ways to earn money if you're savvy enough. Read More , but you have to do quite a lot of writing. If I’m conducting a big interview or an investigative piece, it’s different. But for a list of 15 Instagram accounts, there is no way a writer is going to need your phone number.

Fourth, while in exceptional cases I might show someone a draft for approval, it certainly won’t be an editable Google Doc. You might get asked to fact check a draft, or make sure that your views are accurately represented, if I interview you but you won’t be able to add “anything you would like”.

Fifth, any link to a Google sign-in page that doesn’t take you to one of Google’s websites is fake. Never, ever enter your details. It’s also worth checking to see if the site has an SSL certificate What Is an SSL Certificate, and Do You Need One? What Is an SSL Certificate, and Do You Need One? Browsing the Internet can be scary when personal information is involved. Read More . The fake sign in page the scammers used didn’t have one which was another big clue that something was off.

Staying Safe Online

There’s a growing industry in stealing big social media accounts. They’re worth real money. If you run one, be very careful with your contact details. Even regular users sometimes have their accounts hacked Has Your Facebook Been Hacked? Here's How to Tell (and Fix It) Has Your Facebook Been Hacked? Here's How to Tell (and Fix It) There are quite a few things that you can do to prevent an attack on your Facebook account, and a few things you can do to fix things if it does get hacked. Try this. Read More .

Staying safe online isn’t complex Understanding How to Stay Safe Online in 2016 Understanding How to Stay Safe Online in 2016 Why do some users blindly wander the Internet with the bare minimum of online security software installed? Let's look at some commonly misconstrued security statements, and make the right security decisions. Read More : you just need to be aware of what you’re doing. If something seems too good to be true, it probably is. If you’re picking up red flags from someone, there is a reasonable chance they are trying to scam you. The emails the scammers sent had plenty of big signs that something was amiss. Look out for things like these, and if you feel uncomfortable, cut off all contact.

This was a targeted spear phishing attack so not everyone is likely to be the victim of something similar, but the lessons are universal.

Being impersonated online is really weird. I’m still not sure how I feel. If you’ve ever been affected by an attack like this, please let us know in the comments. We’d love to hear your story.

Leave a Reply

Your email address will not be published. Required fields are marked *