Instagram ‘verification code’ scam: Criminals attempt to hack into people’s accounts with distressing attack

Andrew Griffin
Friday 18 March 2022 12:46 EDT
Comments
(AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Scammers are attempting to break into people’s Instagram – and in a fresh, distressing way.

In recent weeks and months, reports of a “verification code” scam have increased all over the internet, as attackers look for new ways to break into accounts.

The scam begins apparently innocently, with a message from a friend’s account. They will generally claim that they have lost access to their account for some reason, and that Instagram has told them to pick a friend to receive a verification code on their behalf – before asking the targeted person for help.

If they agree, they will receive a code, and are then asked to hand it over in the message. But the code is actually for their own account – and the person they believe is their friend is actually an attacker that has broken into their account.

If people are taken in, then the attackers will use that code to break into their own account. From there, the scam will presumably continue, using the victims’ account to message their friends, and get access to even more accounts.

Being targeted by the scam can be a distressing experience. People have reported receiving messages from hacked accounts belonging to dead friends and family, or scammers that have tried to pretend they have found victim’s lost pets and lure them in with the promise they will be returned.

The scam works because Instagram – and many other platforms – offers a way to get into accounts when their owners have lost access, such as when they have forgotten their password.

In order to give them access, Instagram sends a message to the phone number registered to their account, and input that back into the app. That ensures that the person trying to get in has access to that registered phone.

In the hack, however, it is scammers who press that button, and have the verify code sent to the victim’s phone. So when the victim hands over the code they believe is for their friends account, it is actually their own, and they lose access to their account.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in