Buzz
Have you encountered the “I’m running for an ambassadorship position in an influencer program” scam on Instagram yet? In this scheme, a so-called “friend” on Instagram asks for your help by having you vote for them in a fake competition—and the scammers are becoming more creative in their efforts to trick people.
The danger lies in the voting process: The scammer will ask you to vote by sending a link that seems personalized...but it's actually a password reset URL for your account. The scammer will request that you return a screenshot of the link, but not click on it. If you follow through, they can manually enter the link and take control of your account, allowing them to reset your password, lock you out, and target your friends and family next.
How is the scam evolving?
As awareness of scams grows, the fraudsters are adapting. Recently, victims have been tricked into the same trap through various tactics. Some scammers now gather details from your public profile to establish a connection with you.
These scammers could be people you know, like friends who have already been hacked, or individuals who follow some of your acquaintances, giving them a false sense of familiarity. For example, if your profile shows you're Muslim, they'll greet you with “salam.” If you share photos of your children, they'll ask how they're doing. If you're a nurse, they'll inquire about your clinic's workload.
Once they've gained your trust, the scammer will ask you to enter an email address they've sent to you in your account settings, claiming that it’s necessary for the “ambassador program” to “validate your vote.” However, by doing this, you're essentially handing over full access to your account, as the scammer can use that email to trigger a password reset and lock you out. They can then continue targeting your contacts while pretending to be you.
How to avoid falling for the Instagram “voting” scam
Enable two-factor authentication
Enabling two-factor authentication is an effective way to add an extra layer of protection between your account and scammers looking to exploit it. If they try to change your password while two-factor authentication is active, they'll also need to request the code that will be sent to you via email or text. And we all know not to share our personal two-factor codes with anyone, right?
Never share screenshots
This was a revelation for me—I didn’t realize scammers could send links that only appear on your side of the conversation. But now I know: Never send screenshots containing links or sensitive personal information to anyone you don’t fully trust.
Never enter an email address that's not yours into your account settings
This might seem like an obvious red flag, but it’s the kind of thing people overlook just before falling for a scam. If anyone ever asks you to change your account email to something that isn’t yours—run (metaphorically).
Avoid using third-party apps
When everyone else is hopping on the latest apps that link to Instagram to see what they'll look like at 80, resist the urge to follow suit. It's safer to never grant third-party apps access to your Instagram unless you're absolutely certain they won't steal your information or tamper with your account settings.
