Scammers are impersonating social media giant Meta and sending malicious DMs to Instagram users. The bogus DMs accuse their recipients of violating copyright rules and urge them to file an appeal to avoid their accounts being closed. But completing the fake appeal form gives scammers access to the victim’s Instagram account, allowing them to use it for fraud or to sell it to other criminals.
In this post, I’ll examine a bogus DM sent by a copyright scammer and the fake appeal form they want their victims to complete. I’ll explain how the scammers use it to steal Instagram accounts, tell you what to do if you fall for the scam, and point out red flags to help you avoid becoming a victim.
The Reddit user NutmegOnEverything received a scam Instagram DM warning their account would be “deactivated within 24-48 hours” for “rule violations.” The bogus infractions included “sharing copyrighted content,” “artificial likes and followers,” and “unwanted content and messages.”
The message urged NutmegOnEverything to “fill out the appeal form to view and appeal complaints.” It contained a link to the form: https://bio[.]site/metacopyrightverification.com (I’ve put square brackets around the “.” to ensure people do not accidentally visit the scam site).
At a quick glance, this might look legit. After all, it ends with metacopyrightverification[.]com, which sounds official. However, it’s not a legitimate URL.
Looking more closely at the URL, we see it starts with bio[.]site, which means it leads to a page made with Bio Sites. Bio Sites is a service provided by Squarespace which allows users to make a one-page website with a URL of the form bio[.]site/username. Everything after the first slash is just the page name the scammer chose; the browser connects to bio[.]site, not to anything ending in .com. So the URL in the scam DM does not lead to an official Meta webpage.
It’s also worth noting that metacopyrightverification[.]com is not an official Meta webpage either. In fact, that domain is not currently registered and, according to Whoxy, may not have been registered before at all. So, don’t assume a domain is legitimate just because it contains a company’s name.
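The check described above, as an added example that is not part of the original post: split the link the way a browser does, look only at the host, and flag the two tricks seen here (a brand name in the path of an unrelated host, and a brand name inside a non-official host). The allowlist of official domains and the test URLs ending in .test are assumptions constructed for the example; only the bio[.]site and businessformetasupport[.]com links come from the post.

```python
from urllib.parse import urlsplit

# Assumed allowlist of registrable domains Meta uses for account notices.
# This is an example assumption, not a list taken from Meta's documentation.
OFFICIAL_DOMAINS = {"instagram.com", "facebook.com", "meta.com", "fb.com"}
BRANDS = ("meta", "instagram", "facebook")


def refang(url: str) -> str:
    """Turn a defanged link such as bio[.]site back into a parseable URL."""
    url = url.replace("[.]", ".").replace("hxxp", "http")
    return url if "://" in url else "https://" + url


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Naive on purpose: multi-part public
    suffixes (co.uk etc.) need a public-suffix list, which is out of scope."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_link(url: str) -> dict:
    """Report what actually decides where a link goes: the host, not any
    company name that appears elsewhere in the URL."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    official = domain in OFFICIAL_DOMAINS
    brand_in_path = any(b in parts.path.lower() for b in BRANDS)
    brand_in_host = any(b in host for b in BRANDS)
    return {
        "host": host,
        "registrable_domain": domain,
        "official": official,
        # Trick 1: "metacopyrightverification.com" sitting in the path of bio.site.
        "brand_only_in_path": brand_in_path and not official,
        # Trick 2: "businessformetasupport.com" or "instagram.com.<attacker>".
        "lookalike_host": brand_in_host and not official,
    }


if __name__ == "__main__":
    for link in (
        "https://bio[.]site/metacopyrightverification.com",  # from the scam DM
        "businessformetasupport[.]com",                        # the phishing site
        "https://help.instagram.com/",                         # constructed, official
        "https://instagram.com.evil-example.test/login",       # constructed lookalike
    ):
        print(link, "->", assess_link(link))
```

The host is the only part the browser uses to decide which server to talk to, so any verdict should be driven by `registrable_domain`, never by substrings of the whole URL.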
But what happens if you receive a similar DM, panic and click the link? How does the scam work? I used online sandbox Any.Run to safely visit the scam link and see exactly what the scammers were up to.
The scam site
If you click the fraudulent bio site link, you’ll be presented with the following message: “YOU HAVE BEEN REDIRECTED TO THIS PAGE AND YOUR ACCOUNT VIOLATES OUR RULES.CONTINUE THE FORM BY PRESSING THE GO TO FORM BUTTON.”
The poor grammar is a warning sign that the site is fraudulent. But if you’re panicked, you might not pick up on it and instead press the button as instructed. If you do, a new tab will open and you’ll be sent to a different site. In this case, businessformetasupport[.]com.
A WHOIS lookup for that domain shows it was registered just a few months before NutmegOnEverything received the scam DM, which is a red flag. The owner of the domain is also hiding their identity using a WHOIS privacy service. This isn’t necessarily a red flag in general, as it is very common for domain owners to use a privacy service to avoid spam. However, it’s suspicious that Meta would hide their information, especially when they do not do so for their facebook.com domain.
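The WHOIS check used above (and recommended again in the tips at the end) can be automated once you have the lookup output. The following is an added example, not code from the post: it parses a creation date out of WHOIS text, computes the domain's age on the day the DM was received, and notes whether a privacy service appears in the record. The WHOIS text, the .test domain and the reference date are constructed for the example, and the 180-day threshold is an assumption, not a value from the post.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS output for illustration; not the real record of any domain.
SAMPLE_WHOIS = """\
Domain Name: example-phish-domain.test
Registrar: Example Registrar, Inc.
Creation Date: 2024-03-02T11:20:43Z
Updated Date: 2024-03-02T11:20:43Z
Registry Expiry Date: 2025-03-02T11:20:43Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service customer
Registrant Email: Please query the RDDS service of the Registrar of Record
"""

# Assumed date the scam DM was received; used as "today" so results are stable.
REFERENCE_DATE = datetime(2024, 6, 15, 12, 0, tzinfo=timezone.utc)

CREATION_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|Registered on|created):\s*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)
# Strings commonly seen when a registrant hides behind a privacy/proxy service.
PRIVACY_RE = re.compile(r"REDACTED FOR PRIVACY|privacy|proxy|whoisguard|withheld", re.IGNORECASE)
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%d")


def parse_creation_date(whois_text: str):
    """Return the creation date as an aware UTC datetime, or None if absent."""
    m = CREATION_RE.search(whois_text)
    if not m:
        return None
    raw = m.group(1)
    for fmt in DATE_FORMATS:
        try:
            dt = datetime.strptime(raw, fmt)
        except ValueError:
            continue
        return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
    return None


def assess_whois(whois_text: str, observed_on: datetime, max_age_days: int = 180) -> dict:
    """Flag a domain that was registered shortly before the message arrived.
    A privacy service on its own is common and is reported, not flagged."""
    created = parse_creation_date(whois_text)
    age_days = None if created is None else (observed_on - created).days
    return {
        "created": created,
        "age_days": age_days,
        "newly_registered": age_days is not None and age_days < max_age_days,
        "privacy_service": bool(PRIVACY_RE.search(whois_text)),
    }


if __name__ == "__main__":
    print(assess_whois(SAMPLE_WHOIS, REFERENCE_DATE))
```

Feed it the raw text from a `whois` lookup (or an RDAP response converted to the same key: value lines). The privacy pattern is deliberately broad and will match any record that merely mentions "privacy", which is acceptable here because, as the post says, privacy alone is not a red flag; the age is the signal.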
The businessformetasupport[.]com site again claims that Meta’s rules have been violated and threatens permanent account closure “within 24 hours if an appeal request is not received.” If you attempt to appeal, you’ll be asked for your Instagram username and then your password, “to verify that you are the real owner of your account.” If you enter your username and password, however, you’ll be giving them to scammers, rather than to Meta!
While two-factor authentication (2FA) can offer some protection from phishing scams, more sophisticated operations can get around that as well: a phishing site that forwards your username and password to the real login page in real time can simply prompt you for the one-time code and forward that too. Codes sent by SMS or generated by an authenticator app are therefore not a guarantee, whereas passkeys and hardware security keys only work on the genuine domain. As I did not enter legitimate credentials on this phishing site, however, I can’t say for sure whether this particular scam works against accounts protected with 2FA.
What can happen if scammers access your Instagram account?
If the scammers get access to your Instagram account, they can cause a lot of grief. First, they’ll likely use your account to scam your followers. After all, someone is more likely to believe what the scammers say if they think they are you! That can cause financial damage to your followers and ding your reputation, too, even though you’re also a victim!
With the scammers in control of your account, they can also delete all your content. So, photos with sentimental value may be lost if they decide to wipe them out. They’ll also be able to see all your DMs and potentially make private conversations public. Yikes!
What should you do if you fall for the scam?
If you fall for this scam and enter your username and password on a phishing page, first check to see if you can still access your Instagram account. If you can, immediately change your password, turn on 2FA, and log out all other active sessions. Also check that the scammers haven’t altered your contact details (recovery email address and phone number), added any suspicious third-party apps, or linked any other accounts.
If you can’t log in to your Instagram account, try requesting a login link to see if you can regain access that way. If the scammers have changed the contact details for your account, however, the login link will be sent to an email address or phone number they control. In that case, check to see if you received an email from Instagram alerting you about changes to your contact details, as you may be able to use it to reverse the changes (though make sure the email is genuine first!).
If you’re still unable to regain access to your Instagram account, you’ll need to contact Meta’s support and follow the instructions for verifying your identity.
What can you do to avoid the scam?
To help avoid this scam and similar ones in the future, keep these tips in mind:
- Remain calm. Scammers will tell you scary things, e.g. your account will be suspended, or you’ve been hacked, to make you panic. If you panic, you’re less likely to think critically and more likely to follow their instructions. So, if you receive a message that sounds scary, take a few deep breaths to calm down. Then think critically about the message and any instructions it contains and look out for the warning signs of a scam!
- Be suspicious of unsolicited links sent to you. If you are sent a link claiming to go to a Meta website, check the part of the URL before the first slash (the domain) against the address you know, rather than trusting a similar-sounding one that tries to trick you into thinking it’s legit. Do a WHOIS lookup to find out more about the domain, such as when it was registered and who owns it (though the owner’s identity may be masked by a privacy service). Treat a domain registered only weeks or months ago as untrustworthy.
- Watch out for poor spelling and grammar. Scam messages and fraudulent websites often contain spelling and grammar errors, while legitimate companies are less likely to make such mistakes.
- Don’t enter your password on unofficial sites. Always check that the URL is correct before entering your password on a website. Better yet, use a password manager: it only offers to fill a saved password on the exact domain it was saved for, so if it stays silent on a page that looks like Instagram, that silence is itself a warning sign.
Scammers are trying to steal Instagram accounts by scaring users into thinking they have violated copyright rules. If you receive a message making such a claim and threatening to suspend your account, take a few deep breaths and look at the message critically. If it tells you to go to an unofficial website that asks for your password, it’s absolutely a scam!