As its popularity among users grows, Instagram is becoming more and more exploited by cybercriminals. Security experts from Trend Micro have spotted a new Facebook clickjacking scheme that relies on the photo sharing app to lure users to malicious sites.
It all starts with a Facebook post that advertises an app which allows customers to see who has been viewing their profiles. To attract the user’s attention, the scammers are tagging them in photos posted on their friends’ timelines.
Users who click on the provided link are taken to a fake Facebook page where they’re instructed on how to generate a verification code, represented by a URL, and paste it into a designated textbox. Then, they’re asked to install the Instagram for Facebook app.
This allows the attackers to re-post the scammy message on the victim’s behalf, along with an album called Instagram Photos.
Depending on the victims’ location, they’re redirected to web advertisement or online deal sites that ask for email subscriptions.
Experts have found that the malicious link has already been clicked more than 825,000 times by users mostly located in India and the Philippines.
Users are advised not to click on links contained in suspicious posts, even if they’re published by their contacts.