Phishing scam hits Mumbai's Snapchat & Instagram users

Mumbai has been hit by a new type of cyber-crime. The cyber-crooks are targeting social media users, especially the mediums used to chat over messages. The fraudsters send texts to users containing a link and a message saying their friend's profile has been hacked. The users end up clicking on the link to report abuse. This leads to a profile hack, and creates a chain; those on the chat list of the user also start receiving the same message.

The Mumbai Police have received several complaints about such instances of hacking.

Explaining the modus operandi, cyber-crime investigators said, a phishing technique is being used by the crooks. People using applications such as Snapchat or Instagram are the most vulnerable.

Trusting the credibility of the message, people usually click on the link, which is actually phished to obtain the credentials of the user. On clicking on the link, the users are directed to a log in page of the website/app they are using and are asked to enter their profile ID and password to report the matter. The moment the user enters his/ her credentials, the account gets hacked. The cyber crooks create fake homepages to avoid suspicion.

One such case was recently lodged at Kandivali police station. The complainants Instagram and Snapchat account was hacked in a similar manner. She had received a message from a friend on Snapchat asking her to report a profile through a link, stating it was hacked. After clicking on the link, the woman was asked to re-enter her e-mail id and password. The moment she entered her credentials, her account got hacked and her friends began receiving similar messages from her profile.

"When the victim checked with her friend about the message she had sent to her, she was shocked to learn that they have received similar messages, too, and had not sent her the link," said a police officer.

Phishing scam

Cyber-crooks are messaging phishing links using a profile that is already hacked. The victim is told to click on a link, and he/she gets is navigated to a phishing page that looks legit. On entering the credentials on that page, personal details are basically divulged to the crooks.

What is phishing?

Phishing is a type of social media crime, often used to steal user data, including login credentials. Phishing scams prompt users to enter sensitive details on a fake webpage (phishing page) which looks identical to a legitimate web pages. In most cases, the only difference is the URL.

Expert quote:

"One should never click on such links and always check the URL first, which cannot be spoofed. Clicking any link from these messages lead people to a login page. Whenever you find an email that navigates you to a web page, you should note only one thing, that is the URL," said a Shubham Singh, a cyber crime expert.