Instagram Phishing Scam

BACKGROUND

An increasing number of local Instagram users report receiving direct messages (DMs) from an unfamiliar account claiming to be an “old friend” who would like to share some old photos.

Using an account with a common local name, the scammer then asks the victim to click on a TinyURL link to access the photos. Once the link is clicked, the website asks the victim for their Gmail username and password, enabling the scammer to capture the user’s credentials. In some cases, the victim is redirected to another phishing website.

 

IMPACT

  • Victim may lose control of their email account
  • Other online services connected to that email account could be compromised
  • Exposure of sensitive documents, financial and personal information
  • Scammer may get through the email-based Two-Factor Authentication (2FA) and change security settings
  • Impersonation of the victim, i.e. identity theft
  • Scammer may try to crack the password of the victim’s other online accounts
  • Victim may get blackmailed

 

RECOMMENDATIONS

  • Never click on links from unknown senders
  • Filter your friend list on your social media
  • Never give out your login credentials
  • Immediately change your passwords for all accounts
  • Do not use the same password for multiple accounts
  • Try to recover your email account
  • Change or confirm your password recovery information
  • Back up important emails
  • Inform all your contacts in the email account’s address book that your email has been compromised