Three fake Instagram profile variations utilized to make scammers money through affiliate marketing programs.
In current months, Symantec Security Response has observed a stable influx of fake profiles in the social photo-sharing solution Instagram. These fake pages, designed to use photographs taken from legitimate profiles, function three variants to adhere to users and photos that are like. Through these interactions, they lure users for their pages to be able to make a payment through affiliate links to adult dating internet sites.
Influx of fake pages Sometime in November 2015, users publishing pictures to Instagram started observing loves and follows from unknown users.
Figure 1. Fake pages on Instagram follow users and photos that are like
Three profile variants Among these profiles, we now have seen at the least three variants.
Pages within the variation that is first a taken avatar picture, but no real photos on their profile page. Their bio may or might not include some information, however they could have a web link resulting in a grownup dating site.
Figure 2. Profile variation number 1 contains no pictures, simply a hyperlink in the profile bio
Pages into the 2nd variation have a taken avatar and matching stolen photographs. They have some suggestive text in the bio (“Are that you intercourse giant? We wait you right right here! ” “If you’re right down to fulfill and connect with singles towards you, always always check out of the website link below”), along side a hyperlink causing a grown-up dating internet site.
Figure 3. Profile variation number 2 features taken photographs
The profiles serve as an intermediary in the third variation. They include a single photograph split up into tiles to create the photograph that is full. They overlay a switch aided by the caption “18+” that is strategically put on different parts of the body. Simply clicking some of the pictures within the tile will expose an email instructing visitors to attend the “official profile” that will be connected. This last profile contains a random range of pictures of females in bikinis and underwear. The bio claims that the customer may have an erotic conference if they go to the link when you look at the profile.
Figure 4. Profile variation number 3 directs users to a different profile
Adult dating landing pages In all the profile variants, backlinks lead users to a website landing page for a grown-up website that is dating. Backlinks on their own may direct the consumer towards the web site you need to include an affiliate marketer ID, or they’re going to direct the consumer to a typical page that functions as an intermediary into the adult that is actual internet sites.
Figure 5. Adult dating internet site landing pages
Affiliate marketing programs would be the driving force behind adult relationship and webcam spam on various dating and social network applications. Unlike past examples they won’t converse with users through the Instagram Direct feature that we have identified, the fake profiles on Instagram are not bots.
Stolen photographs predicated on some of the fake pages, we genuinely believe that a lot of the photographs utilized were extracted from genuine pages of popular Instagram users. A model and YouTube vlogger for instance, one of the fake profiles stole photographs from Julia Pushman.
Figure 6. Initial picture (left) what is eastmeeteast taken and applied to a fake profile (right)
Report fake pages to Instagram with more than 400 million monthly active users, Instagram the most popular applications that are mobile. It comes down as not surprising that the solution has become popular with also scammers. Instagram users must be skeptical of unsolicited loves or follows from fake pages. You have encountered a fake profile, you should report it to Instagram as spam if you believe.