Houston - Grinches are gearing up to scam you this holiday season.
The Identity Theft Resource Centers says complaints have quadrupled about scammers stealing Instagram accounts.
If you're wondering why cybersecurity experts at Digital Shadows explain it like this: the price for a scammer to buy your Social Security number on the dark web is $2, but the price for your Instagram account is $45.
The ITRC says scammers are taking over Instagram accounts using information either from previous data breaches, including a breach of Facebook, or tricking you into giving them personal information, using Instagram accounts they've already stolen.
"So an individual feels like someone within their network is contacting them, but the reality is that account has been taken over by someone else," said Eva Velasquez, CEO of the ITRC.
Victims are locked out of their accounts while scammers reach out to their followers.
"In one instance, one of the victims had a friend in need of an organ transplant and that person’s account was taken over. They reached out to everyone in the network and said, ‘Hey, we found the organ, but now I need to raise money to get the operation,’" explained Velasquez.
The Better Business Bureau has revealed its "Naughty List" of the top 12 holiday scams this year.
Number one, misleading social media ads.
"You may be on various social media sites and see a product advertised for a low price by an unfamiliar business you’ve never heard of. You place an order and never receive it," said Leah Napoliello with the Better Business Bureau.
Number two, social media gift exchanges, for bottles of wine, or to pick a name and send money to a stranger, or even for a Secret Santa Dog. The BBB says these exchanges are sometimes pyramid schemes.
And number three, holiday app scams, where children can chat with Santa, watch him feed his reindeer, or light the menorah. The BBB says some apps contain malware, or ask for payment information that scammers then steal. So check them out first.
"You can do some research and look them up online. Many of these apps are created by businesses you can find. Put in the name of the app and do a search and use the word scam or look for other customer reviews on the app," explained Napoliello.
Other top holiday scams from the BBB:
- Alerts that your account, such as an Amazon, Paypay, or Netflix have been compromised
- Free gift cards.
- Holiday job offers that seem too good to be true.
- Phishing emails telling you to click on look-a-like websites
- Fake charities
- Fake shipping notifications
- Pop-up holiday virtual events
- Deals on expensive or hard-to-find gifts
- Puppy scams
Many scams are not just conducted through stolen passwords and personal information, they're conducted through what's called social engineering. Scammers are learning about you from your posts on social media.
"They know what’s going to resonate with you. When it comes to charity scams, we know what causes are important to you and what you support. We know what your likes and dislikes are. We know where you get involved," explained Velasquez.
If you have been scammed:
- Report it to your bank or credit card. You may be able to refute the charges.
- Change all of your account passwords using complicated phrases.
- Set up two-factor authentication on accounts whenever possible.
- Report it to the police, the Federal Trade Commission and the Better Business Bureau.
- You can contact the Identity Theft Resource Center for help online or by calling (888) 400-5530.
ITRC offers these steps to reclaim an Instagram account, but recommends closing it and starting a new one.
• Check your email account for a message from Instagram. If you received an email from firstname.lastname@example.org that says your email address was changed, you might be able to undo this change by selecting "revert this change" in that message. If additional information was also changed (like your password), and you’re unable to change back your email address, request a login link or security code from Instagram.
• Request a login link from Instagram. To help Instagram confirm that you own the account, you can request that they send a login link to your email address or phone number. To request a login link:
• On the login screen, tap "Get help logging in" (Android) or "Forgot password" (iPhone).
• Enter the username, email address or phone number associated with your account, then tap "Next." If you don’t know the username, email address or phone number associated with your account, tap "Need more help?" below the "Next" button and follow the on-screen instructions.
• Select either your email address or phone number, then tap "Send Login Link."
• Click the login link in your email or a text message (SMS) and follow the on-screen instructions.
• Request a security code or support from Instagram. If you’re unable to recover your account with the login link sent to you, you may be able to request support for your hacked Instagram account.
For more information on how to do this, visit Instagram’s Help Center for step-by-step instructions.