Alison Giordano just wanted to help out a friend, but instead, she almost lost her Instagram account.
The scam was pretty sneaky: A friend messaged Giordano (who, full disclosure, is a friend of mine) on Instagram asking if she could help her win a contest. The friend would send her a text with a link, and all Giordano had to do was take a screenshot of the text and send it back to her friend. Giordano did as instructed. Moments later, she got an email from Instagram saying someone logged into her account from a different location on a different device.
A screenshot that causes your account to be hacked sounds like a lower-stakes but higher-tech version of The Ring, but what happened to Giordano is actually quite simple. There was no contest, and the text didn’t come from her friend. Giordano’s friend (or, almost certainly, someone who took over her friend’s account and was pretending to be her friend) went to Instagram’s password reset page and requested a reset link for Giordano’s account. That prompted Instagram to send a text to Giordano with a link to access her Instagram account. The URL of the link was in the text, so when Giordano took the screenshot and sent it back, the scammer simply entered the URL in their device, and that let them access Giordano’s account — no password or supernatural curses necessary.
Fortunately for Giordano, she saw Instagram’s email almost immediately and was able to get back into her account before the scammer took…
