Photo via Vector FX / Shutterstock Remix by Max Fleishman

How Instagram scammers have made off with $420 million

A security firm, working closely with Instagram, identified thousands of unique financial scams.


Dell Cameron


Posted on Aug 24, 2016   Updated on May 26, 2021, 4:52 am CDT

A Baltimore-based security firm says it has identified thousands of scams targeting Instagram users and that members of the military are at particularly risk.

The ZeroFOX Research Team spent four months analyzing Instagram posts with a machine-learning classifier specifically designed by the company to sniff out scams. The algorithm, said to accurately predict whether individual posts are scams nearly 100 percent of the time, reportedly identified more than 4,500 unique scams.

Commonly referred to as the “money flip,” the most popular scam targeting Instagram users typically “extorts victims into sending money or disclosing banking information” by promising to “flip” the money and return a huge profit, according findings ZeroFOX released on Wednesday. Over the course of the study, the company says, it analyzed “over 2 million historical posts from the last two years.” The researchers also interacted directly with scammers using “honey-pot” accounts to better understand how they operate.

The threat-intelligence firm estimates the global cost of the Instagram fraud to banks at an astounding $420 million.

In a 23-page report the researchers offered a list of general patterns observed in the money flipping scam posts:

• Scammers preyed upon users they suspected were in dire financial circumstances; for example, people with outstanding debt or unpaid bills. By appealing to their sense of desperation, scammers hoped to make them think that relief was a just few simple steps away.

• As a throwback to the classic hustle, scammers tried to create a sense of urgency by encouraging victims into making impulsive choices. By fostering the perception that opportunities were time sensitive, scammers attempted to capitalize on impaired or rushed decision making.

• Oftentimes, the scammers employed accomplices who made comments on the scam posts and offered believable testimonials about the advertised process. These modern day shills offered deceptions such as, “I can’t believe it really works!” and, “I did this last week, this is so legit.”

ZeroFOX co-founder Evan Blair tells the Daily Dot that the money flipping schemes are one of the biggest issues facing its clients, top-tier financial services firms. “They were losing millions of dollars annually in fraud-remediation costs due to these scams that were happening on Instagram,” he says. “They weren’t able to keep up manually. One of our clients, who is a top-five consumer financial in the U.S., had a team of six people dedicated to just manually scouring Instagram and trying to get these taken offline through the same mechanism that you or I would if we saw something pornographic, for example.”

The company’s research focused solely on Instagram, Blair says, because the researchers discovered the scams were affecting the platform’s users at about 10 times the rate of other social networks. In comparison, the same scams appeared only sparingly on Facebook. “Instagram has a variety of unique factors as a network, the images being front and center, the openness, the engagement and direct message capabilities; slight nuances that make a big difference,” Blair explained.

Philip Tully, a senior data scientist at ZeroFOX, said that military-centric institutions are being specifically targeted by the scammers, in addition to users believed to be financially desperate. “We did some natural language processing on these scams to try to peel apart and extract what meaningful information we could grab from it, both including what kind of language are they using to convince people and social engineer them,” he said. What the company found was that the topics typically targeted by the scams had very “military-specific sentiment.”

“Military members get targeted a lot in very benign situations by marketing teams,” Tully explains. “If you show your credentials, if you show that you’re a military member, you get a ‘20 percent discount’ at this location. If you’re looking at this from a situation of someone who’s been an active military member, you’re conditioned to believe that people are trying to look out for you and give you a deal.”

ZeroFOX believes the Instagram scammers are cognizant of this “behavior dimension” and may be intentionally exploiting it by using language specifically to attract current and former service members.

“It’s not just military members,” says John Seymour, another ZeroFOX data scientist. “It’s folks that are in tough financial situations as well. People that have more susceptibility to be a victim are the ones that are targeted.” The scammers, he says, will typically look for people who are in situations that gives them a “predisposition to believing” due to their desperate financial circumstance.

“They’re certainly some traditional con-man tactics being used here,” adds Seymour.

The researchers were additionally able to interact directly with scammers by creating fake Instagram accounts. “Surprisingly, we amassed 23 scam account followers within 48 hours of our initial follow of financial institutions,” ZeroFOX’s report says. “These observations imply that scammers are aggressively monitoring fresh followers of financial institutions in order to execute a scam. This should be alarming for any financial institution leveraging social media; for every customer that follows a brand account, expect them to get dozens of follow requests from scammers.” 

ZeroFOX says it is working directly with Instagram to remediate the company’s scam problem through the creation of more “programmatic” reporting and review capabilities. 

Click here to read the full ZeroFOX report.

Share this article
*First Published: Aug 24, 2016, 10:06 am CDT