'This took a few hours to make': Instagram scam offers users gift, then steals their account via linked website


SINGAPORE - Some Instagram users have received messages, supposedly from their followers, promising gifts that they can redeem by keying in their password on a separate login page that looks deceptively like an Instagram page.

But simply tapping on these links appears to be enough for hackers to gain access to users' accounts - even without entering one's password.

In cases seen by The Straits Times, users first receive a message from a follower with a compromised account claiming he has a gift for them. The message usually says: "This took a few hours to make. I hope you love it."

The contents of these gifts are never specified.

The message comes with a personalised link directing them to a separate website that includes the receiver's username, tricking them into believing the link was crafted especially for them.

Shortly after, swindlers gain access to the user's account and use it to broadcast a similar scam message to other followers, who in turn may be deceived into thinking their friends are offering them a gift.

A similar line of Instagram scams was reported in overseas media, including British newspaper The Independent, which warned that the login page is a sham that allows hackers to enter users' accounts.

It reported: "There (are) no gifts - and instead, that page will simply steal a user's password, with affected people reporting that they are simply thrown onto an online gambling page at the end."

Hackers will then have access to a user's password, allowing them to send the same message to other users, The Independent wrote. It said that the first thing users should do is change their password.

Users should exercise caution before entering passwords on any website, it added.

Responding to queries from The Straits Times, a spokesman for Meta, which runs Instagram, urged users to pick strong, unique passwords and never share them with people they do not trust.

The spokesman added that users should turn on two-factor authentication in their settings for added security, but did not provide further details on the scam.

She pointed to a Meta advisory that warns users not to trust messages that offer gifts, demand money or threaten to delete their account, and to promptly report such cases to Instagram or Facebook, which Meta also operates.
