Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.
Hackers are forcing Instagram users to film hostage-style videos instructing their followers to participate in fraudulent get-rich-quick Bitcoin schemes as part of a new kind of scam that is spreading across the Facebook-owned app.
The news follows Motherboard reporting last week on how a scammer forced one victim to film a video with the promise of getting their money back after sending the fraudster Bitcoin. After filming the video, however, the scammer broke into the victim’s Instagram account and sent the video to their friends and posted it from their profile to try and scam others. After we published the story, more Instagram users got in touch with Motherboard saying they’ve been hacked and forced to shoot similar videos, indicating the issue appears to be more widespread on the social network with victims describing personal, professional, reputational, and financial damage. Multiple victims also complained about the troublesome Instagram account recovery process and the lack of direct communication from the company.
“Hey you guys, I just got back from a long day of work, but Ashly just helped me invest $1,000 and got me back $8,500,” Emma Zoller, who was forced to make one of the clips, says to the camera during her video. “What an amazing way to end the day, and I feel so blessed and appreciative for this process. It’s guaranteed. I suggest doing it.”
But Ashly is a fraudster. The scam started when Zoller saw her best friend post about making money from Bitcoin in an Instagram Story, according to a chronology of the events written and shared by Zoller’s mother with Motherboard. Zoller clicked a link the friend’s account sent her, and a hacker took over her account. The link appears to be a phishing page: ig[.]me.
Initially, the hacker demanded that Zoller send them a nude video to regain access to the account.
“I am bawling my eyes out. I can’t take a nude video,” Zoller wrote to the Ashly account. “I am going to kill myself please you stole everything from me. Please give me my Instagram back please.”
Do you know about any other scams on Instagram or other social media networks? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email email@example.com.
Then, the hacker told her to make a video promoting the Bitcoin mining scam in exchange for her account, according to Zoller’s mother. The hackers did not give Zoller her account back, and instead posted the video of Zoller to a Story.
“I can’t believe bitcoin mining is real, no cap you all should go give it a try, you should go and invest in bitcoin mining it [is 100%] safe and secure,” an image posted to Zoller’s story reads, along with a photo of a spread of $100 bills. The hackers also managed to break into Zoller’s Venmo, email, and banking apps, before sending themselves a $500 Venmo payment marked as an “Investment Fee” and buying $1,000 worth of Bitcoin with Zoller’s funds, according to screenshots shared with Motherboard.
On Friday Zoller’s mother said in another email that Venmo had returned the $500. She added she had managed to make direct contact with a Facebook employee who sent her report to the “Centralized Escalation Support (CES)” team to investigate, according to more screenshots she shared with Motherboard.
Tim Nugent, another victim of a similar scam, sent Motherboard the video they were forced to make by the fraudsters.
“I just got done shopping big, because I made an investment through Star. You get your money quick, you get it fast. Simple as that,” he says to the camera.
“I thought I was talking to a friend the whole time and investing in [crypto] with them,” Nugent told Motherboard in an email. “After I figured out it was a scam, they ended up gaining access to my business account with over 13k followers that I make my living off of.” Nugent uses Instagram to promote his real business Tapes from the Crypt, which sells horror-themed items on Etsy.
“He already [bled] two people and one of my customers dry,” Nugent continued. “It held up orders for me, some customers lost trust, I had emails and messages from my shop with people freaking out. It’s borderline ruining my reputation and business. A lot of my followers have banded together and are pushing and helping me, but Instagram/Facebook [have] been zero help and have not gotten back to me, meanwhile people are losing their pages, money, and identity.”
After Motherboard’s report last week, other journalists also found similar instances of the video scam. Substack publication The Red Tape Chronicles spoke to a victim who was forced to make a video after paying $1,000 to what she thought was an old friend who needed money for a kidney transplant. The hackers later stole nearly $3,000, according to the report.
Instagram previously told Motherboard it recommends account holders use a strong password, such as a combination of at least six numbers, letters, and punctuation marks. The company encourages users to not re-use passwords across different services. This is likely how in some cases a hacker was able to move from one account to another—if a victim gives up their Instagram password to a phishing page but it is the same password as, say, their email, the hacker may be able to access that too. Once in a victim’s email account, a hacker is largely free to reset passwords to many of the victim’s other services too.
Instagram also encouraged users to turn on two-factor authentication. By turning this on, users will protect their accounts with an additional code generated by an app such as Google Authenticator on their smartphone even if the hacker manages to get their password.
On Wednesday, Instagram added that users should not share verification codes with other people. This would include two-factor authentication codes generated by an app.
Several of the victims still pointed to Instagram’s recovery methods as an issue, however.
“The lack of help from Instagram needs to be known, I’m not even sure who they are still messaging and scamming from my account. I feel so violated,” Zoller said. The hacker is still posting scam material from Zoller’s account, potentially tricking others into the scam too, Zoller’s mother said.
Yeri Henfield, the victim in Motherboard’s original story on the hostage-style videos last week, at the time of writing has still not regained access to his account, as he is still having trouble with the recovery process, he told Motherboard in an online chat on Wednesday.