Recently sold to Facebook for a staggering US$1 billion, photo sharing mobile app Instagram has enjoyed a year of explosive uptake.
It is so popular in fact that, according to Facebook's Mark Zuckerberg, Instagram has hit the 100 million registered user mark. Note, this was back in September.
And as with other popular social networking sites, the scammers have begun to move in. Taking advantage of Instagram's large user base and approaching from a variety of angles.
Apart from the rogue Instagram apps for Android previously reported by Trend Micro, a new scam has been making its rounds on the photo sharing site.
Cyber criminals are masking themselves as retailers, offering fake gift cards and vouchers while collecting user information and e-mail addresses.
How it works
The supposed 'retailer' posts a photo on their 'official' Instagram page asking users to follow, share, tag and state their e-mail address, with the first 20,000-30,000 followers standing to win a few hundred dollars worth of vouchers.
Retail brand names that have been used include Zara and H&M. Starbucks and Forever21 may also be victims but the companies have not responded for comment and thus this claim cannot be confirmed at time of publication.
Though there is nothing outwardly harmful about the photos, users who repost them reveal their e-mail addresses which could ultimately be harvested by the cyber criminal and sold for spamming purposes.
Cyber criminals do make money from bulk data theft; according to Trend Micro, 1,000 Hotmail or Yahoo Mail credentials can be sold for about US$8 and 2,200 Twitter credentials for US$75. How much could Instagram credentials be worth, considering it has already surpassed Twitter in terms of active daily users.
Resisting the allure of free money
"Of late, we notice there are some problems with false H&M accounts offering gift cards etc. to consumers. We would advise people to be careful with such," advised an H&M spokesperson.
The scammer posted the false voucher giveaway under the moniker '@hmofficialinstagram', offering $300 in vouchers for the first 25,000 followers. Going a step further, the user added a website address to the description.
A visit to the website will redirect the user to a 'Claim your gift by doing this survey' site to phish more detailed personal information.
According to H&M, the company has alerted Instagram regarding the fake users and a search for the username revealed that it ceased to exist. However a search of the '#hmofficialinstagram' hashtag showed a total of 1,098 reposted photos stating e-mail addresses.
Another brand name affected by the recent scam tactics was popular retailer ZARA, whose fake Instagram site offered a $200 gift card to 200 users a day.
Sign up for CIO Asia eNewsletters.