Scammers tricked users into handing over their passwords

Nov 13, 2013 15:50 GMT  ·  By

Experts say that at least 100,000 Instagram users might have fallen victim to a scam that promised likes and followers.

Symantec experts have told Mashable that scammers developed an app called InstLike, which instructed users to provide their login credentials. In addition, the shady application promised more followers and likes to those who purchased virtual coins.

The Android variant of the bogus app was hosted on Google Play between June 9 and October 25, while the iOS version was available for download on the App Store between September 19 and November 7.

Symantec’s estimate of 100,000 victims is based on the fact that InstLike was downloaded between 100,000 and 500,000 times from Google Play. The real number of impacted users could be much higher, especially since the app was ranked number 22 in the “Utility” apps section of the Apple App Store.

According to experts, a lot of Instagram users appeared to have paid for extra likes and followers since the application was among the top grossing apps in the utilities section of the App Store during the month leading up to November 7.

So how does InstLike work?

The scammers tell users to enter their usernames and passwords to get free followers. The followers and likes are delivered because the app’s operators use the credentials they’ve harvested to follow and like accounts.

The more Instagram customers gave their login details, the more followers InstLike could provide.

The apps have been removed from Google’s and Apple’s app stores. However, the InstLike website is still online. Users are advised to refrain from downloading it. If you’re already a victim, it would be wise to change your password.