Victims are being tricked into revealing Two Factor Authentication (2FA) codes and extorted for money with the threat of having their personal photos shared publicly if they don’t pay up.
Action Fraud has received multiple reports about Snapchat and Instagram accounts being compromised as a result of users being tricked into handing over 2FA codes to fraudsters. The victims are then extorted for money with the threat of having their personal photos shared publicly.
Action Fraud are telling users to not respond to messages that ask for your login details or two-factor authentication (2FA) codes. These can be used to compromise your account. They are asking users, if they receive any messages like this, to use the report functions within Snapchat and Instagram to flag spam messages, or accounts that may have been hacked.
How to protect yourself
- Don’t reply to the email, or be pressured into paying: it only highlights that you’re vulnerable and you could be targeted again. The police advise that you do not pay criminals. Try flagging the email as spam/junk if you receive it multiple times.
- Perform password resets as soon as possible on any accounts where you’ve used the password mentioned in the email. Always use a strong, separate password for important accounts, such as your email. Where available, enable Two-Factor Authentication (2FA).
- Always install the latest software & app updates. Install, or enable, anti-virus software on your laptops & computers and keep it updated.
- If you have received one of these emails and paid any money, report it to your local police force. If you have not paid, report the email as a phishing attempt to Action Fraud.