- Table of contents
The Hidden War on Instagram: Brands vs. Impersonators
Instagram became massively popular by making it simple for anyone to share photos and videos. But from the perspective of cybersecurity and brand protection, there’s a downside to the ease with which anyone can create an Instagram account and begin sharing content: The risk of Instagram impersonation.
Instagram impersonation occurs when a malicious user creates an Instagram account that pretends to be owned by or associated with another entity. In other words, Instagram impersonation involves the creation of fake accounts that are not owned by whomever they say owns them.
And we’re not talking here just about accounts that impersonate private individuals. Instagram impersonation can also cause serious financial and reputational harm to businesses when attackers create fake accounts that pretend to be owned by a particular company or an executive associated with it.
That’s why Instagram monitoring software and strategies play such an important role in protecting brands and mitigating cybersecurity risks for businesses. For details, keep reading as we unpack what causes Instagram impersonation, why it can be difficult to prevent and how organizations can protect themselves from misuse of their identities on Instagram.
How Instagram impersonation impacts businesses
The reason why Instagram impersonation happens is simple enough: It’s very easy to create Instagram accounts, but reporting fake accounts can be a time-consuming and error-prone process – so there’s little to stop malicious actors from creating fake profiles and using them to carry out cyber attacks against people or businesses.
This isn’t to say that Instagram (or its owner, Meta) doesn’t care about the issue of account impersonation or take steps to address it. Instagram users can report accounts that they suspect to be fake in the app, and Instagram provides an online form for impersonated accounts specifically.
The problem, though, is that it can take a long time for Instagram to take action against impersonated accounts. As one social media influencer impacted by fake Instagram accounts told Business Insider, “reporting [Instagram impersonation] accounts has been a nightmare.”
Another said that she had been reporting accounts that impersonate her for a year, but had not heard from Instagram about them. And as an anonymous user complained on Reddit, “Instagram will not delete a page that is impersonating my sister and scamming people.” Large brands experience this on a near daily basis meaning it is a constant battle.
Given the challenges that users and brands report in dealing with impersonated accounts, it’s no surprise that about one in ten Instagram accounts are believed to be fake – or that fake accounts can operate in ways that give their owners a lot of influence. In reviewing accounts that impersonate Marko Zlatic, a founder and finance influencer, Business Insider detected twenty individual accounts, one of which had nearly 100,000 followers, a reflection of just how convincing such accounts can be.
Even worse, some users report that when they reported fake profiles, Instagram or Meta actually shut down the accounts of legitimate users instead – apparently due in part to automated decision-making systems that leave impacted parties no avenue for swift account recovery.
Why does Instagram impersonation occur?
Sometimes, fake Instagram profiles stem from efforts simply to annoy an influencer. But they’re often part of much more insidious cyber attacks.
- For example, fake accounts can serve as a vehicle for collecting PII, login credentials or other sensitive information. This happens when an impersonated account asks other Instagram users to share private information. If the account looks real, victims may hand over their data, especially if they believe they’re interacting with a business they trust.
- Malvertising is another motive behind many Instagram impersonation schemes. This involves using fake accounts to distribute advertisements that install malware or direct users to malicious websites.
- Fake job postings are a third common reason for Instagram impersonation. Cybercriminals use fake accounts to place job ads as part of scams to pilfer or launder money, perpetrate identity theft or conduct various other types of unlawful activities.
How to stop Instagram impersonation
Given the ease with which malicious parties can create fake accounts and the difficulty of removing them quickly through Instagram’s standard reporting channels, what can businesses do to protect themselves from account impersonation?
While there’s no magic bullet, there are several effective practices.
-
Employee and customer education
First, Cyberint recommends educating employees and customers about the dangers of interacting with potentially fake accounts or content distributed by them. For instance, employees should know not to click on links shared by a suspicious account unless they verify them first.
Standard anti-phishing education often covers these sorts of practices. But because most phishing training centers on more traditional attack vectors (like email), it’s important to teach employees that Instagram, too, can be a medium used to steal data or harm companies.
-
Monitor accounts using Instagram monitoring software or tools
To detect impersonation of their own business or VIPs, organizations should monitor Instagram accounts, then identify ones that claim to be owned by the organization or VIP, or that distribute content designed to represent them. And while manually monitoring accounts for this purpose doesn’t scale, Instagram monitoring software is available that can help automate the process. When you have automated scanning tools available, you can monitor Instagram for brand impersonation continuously, not just once a quarter or year.
Importantly, monitoring should focus not just on identifying inappropriate uses of a company’s name, but also its domain names, the names of employees and its logos, since all of these could be misused as part of an impersonation campaign.
-
Take rapid action against impersonated accounts
If you discover an account that is impersonating your brand, don’t just fill out Instagram’s form and cross your fingers for a rapid resolution. Instead, work with a takedown services provider that has a relationship with the Instagram team and knows how to remove the malicious account quickly.
We’ll take this opportunity to brag about Cyberint, now a Check Point company, which has a 97% success rate with Instagram takedowns and an average Instagram takedown time of 24 hours.
About Cyberint, now a Check Point Company
When it comes to protecting your brand, employees and customers online, we have you covered. We continuously monitor Instagram and other social media sites, provide VIP protection and identify data leaks and references to your company among threat actors. In each of these ways, Cyberint, now a Check Point Company helps to mitigate online threats proactively and prevent the loss of account credentials and violations of customer trust.
And, if you do detect brand impersonation, we can assist with rapid takedown. Learn more by getting in touch.