90% off Ray-Bans? It’s a 100% Instagram SCAM!

A scam ad for Ray-Ban sunglasses has been making the rounds on Instagram.

There are many versions, but they tend to feature the Ray-Ban logo and photos of sunglasses, along with the “whoa, what a crazy deal!” offers of “90% off”. We’ve seen one that dangles the cheap-cheap price tag of £17.65 (that’s US $22.13 – for glasses that typically go for over $100).

And of course, you better hurry, since this offer won’t last – it’s one day only! … And has been for a few weeks!

Not everybody is going to see the fake ads and write them off as being the scams that they are, unfortunately. After all, the ads bear the name of a (self-proclaimed) “official” website. Plus, you’ve likely seen these ads being posted by your Instagram friends.

Don’t fall for it, though. It seems too good to be true, which means it is.

Other fake-ad scams

It’s yet another example of fake ads doing the rounds on social media: we’ve seen an Adidas phishing scam that circulated on WhatsApp, offering “free” (nope!) shoes and money (double nope!). Scammers seem to have a bit of a fancy-footwear fetish: we’ve also seen bogus UGG outlet store scams on Facebook.

We’ve also seen online auctions for cutesy wutesy puppies and kittens that turned from “awww!” to “AAARRRGHHH!!!” in the blink of a scammer’s eye.

Those aren’t really your friends

The crooks behind scams like this often rely on compromised social media accounts to spread their fakery.

So, while it might look like your friends are urging you to take up an offer too good to ignore – it’s more likely to be a scammer who’s cracked their password so they can abuse the trust we place in our friends’ opinions.

That, in fact, is what happened to an Instagram celebrity, Lindsie Comerford, whose account – and then her bank account – was hijacked last year.

Account recovery: it’s like pulling teeth

Actually, recovering a hijacked Instagram account – at least until Monday, when Instagram promised to make it easier – is more like painfully trying to pull teeth and then giving up because “72 hours later – still no account recovered!”

Comerford wrote a blog post about her hijacking ordeal.

Well, apparently to get a hacked account back I have got to email support and help 10 times, leave 3 voicemails, and report my account before I could reach a magical help screen that actually guides you towards getting your account back. Getting the help is no easy feat though and honestly it requires sheer digital magic.

Finally I reach Instagram; but only after trying to figure out how to navigate through my email account that has been switched to show only Turkish language.

It took three days of no help and still she didn’t get back her account. She wound up asking an ethical hacker to do it for her. Meanwhile, the crook took full advantage of all that time to first hack her email, and then her bank account, she said.

After a wave of complaints like that, Instagram is finally working on overhauling its kludgy response to hijacks. On Monday, it announced that it’s testing easier ways to get back hacked accounts, even if the attacker has changed a victim’s user name and contact data.

According to the BBC, the trial is of an in-app function through which users submit contact information associated with the account and then receive an access code.

For Android users, it also announced that it’s putting user names on the shelf, keeping them from being claimed for a “period of time” after account changes, whether those changes stem from a hack or from the legitimate user making a legitimate change.

This will hopefully bring much-needed help for users on Instagram, where hijacking has become a bit of an art form. As Vice has reported, hackers have been holding high-profile accounts to ransom for eye-popping prices: they can sell for up to tens of thousands of dollars on underground forums.

What to do?

If you see scam ads like these for Ray-Ban on your friends’ walls, let them know. If they didn’t post them, they’ll need to:

  • Change their Instagram password straight away – to something unique and strong.
  • Set up two-factor authentication (2FA) as well.
  • Review the access they’ve granted to third-party apps and services, and revoke any that they don’t use or that look suspicious. Go to Instagram Settings > Authorized Apps.