Tips

Ugly photos Instagram scam: What is it and how to avoid it?

Welcome to the new age ‘Ugly photo’ scam. A number of users have expressed concern about their Instagram account being hacked after receiving a DM from a person in their follower’s list. Read on to learn what the Ugly photo scam is, and how to avoid it.

What is the ‘Ugly photo’ scam on Instagram?

Ok first off, if you receive a DM from anyone, even a close friend, telling you that your pictures are being used, be alert! The scam works by hacking your account when you input your password into a third-party site. The fake account then uses your personal account to send out DMs to your followers bringing them to the site where they input their password.

The DM with the following message, ‘Have you seen what they have done to your photos’ also contains a link that takes you to a site where you must sign in with your Instagram credentials. When you enter, you will be greeted by pop-up ads, which is an immediate trigger, since Instagram does not have pop-up ads.

What kind of messages are spammers using?

Spammers are using a set of various click-bait messages. The messages seem to be targeted directly at you and will imply that your photos are now being misused illegally. The message will compel you to click on the included link to access this photo gallery but will end up stealing your login credentials instead.

Some of the common messages used by these scams that you should be wary of have been listed below.

  • ‘Look, they are right at the top!’
  • ‘did you see what they did with your pictures Instagram!’
  • ‘ugly photos Instagram 23.9 million followers’
  • ‘Yo, you are in this Ugly gallery man’
  • ‘Hey, your photo was included in the Top 1000 Ugly Photos!’

In the end, you should be aware that any Ugly Photo scam on Instagram will get you to click on a third party link by playing on your insecurities. You should not succumb to your curiosity and instead avoid visiting any ugli photos/ugly gallery links via Instagram.

What to do if you have fallen for the scam?

If you have input your Instagram credentials into an unknown third-party site, the first thing you want to do is change your password! If you use the same password for different sites, you should change those passwords too. For help, see the guide below on how to change your Instagram password.

Next, check your DMs to see if any messages have been sent from your account. If there are, immediately let those people know that your account was hacked and advise them to not to click on the link.

How to avoid scams

As a general rule of thumb, you should never click on unknown or suspicious links. If you do receive the Instagram scam in your DM, immediately let the person know (who sent it), that their account might be hacked.

With regard to passwords, it is never a good idea to keep the same password for different sites, since a hacker would simply need one account password, to access all your other accounts.

Also, do not input your password into third-party suspicious sites. For example, avoid a website that looks like Instagram but does not have the official Instagram address (https://www.instagram.com).

It’s a good idea to check out Instagram’s own page on this to gather more info on avoiding scams.

How to change your password on Instagram

If you want to change your Instagram password, follow this simple guide below. It is also advised that you change your password every one to three months.

To change your Instagram password, launch the app, and go to your profile page by tapping your profile picture in the bottom right corner.

Now tap the hamburger button (three lines) in the top right corner and select ‘Settings’.

Go to Security > Password. Here you must first input your old password, and then the new one that you would like to change it too.

Related: How to create a strong password that you can remember easily

We hope this article helped! Remember, do not click on any unknown or suspicious links. Let us know if you need any assistance with the same, in the comments below. 

Related: