

09th Jun 2019

This is how you can protect your Instagram account from that Ray-Ban scam

Rebecca O'Keeffe


Have you noticed it?

Over the last few days, you’ve probably noticed that some of your friends have posted weird images about sunglasses.

Well, this is a scam, so don’t go hitting them up for cheapo Ray-Bans lads.

Speaking to Mirror Online, Nick Fitzgerald, who is a Senior Research Fellow at ESET, said:

“This appears to be the continuation of, or perhaps the resumption after a lull in, the long-established abuse of compromised social media accounts to post fake ads, or ads for fake goods.”

He continued:

“Over the years we have seen Twitter, Facebook, Instagram and other online platforms abused to post ads for various footwear brands (notably Adidas and UGG), medications, and Ray-Bans, among many other things.”

So how exactly does one fall victim to this random scam?


Well, according to Nick, it may be down to phishing.

“Perhaps the account owner was phished for their login credentials, either for Instagram or Facebook if they have linked their accounts, or for their credentials for some other account where they use the same credentials as for their Instagram account?”

“Another possibility is that their credentials have been involved in one of the many data breaches the last few years and someone has discovered their (almost) matching Instagram account and (almost) matching password.”

“Or, maybe they just happen to have chosen one of the very common passwords and this account was then quasi-randomly discovered by a credential stuffing attack.”

The issue goes beyond a cheeky Ray-Ban post, though: this hack will allow the hacker to access your account, collect your contact information, and even DM your friends and followers.

Could get messy.

So, the real question here is how can we all prevent this hack from happening?

Well, there are a few simple enough ways to avoid this.

Firstly, make sure you’re using a reputable Internet security product, and also ensure you only ever use official apps.

Make sure your passwords are not obvious and are unique – this could be your saviour.

And if this scam does happen to you – act fast!

Log out of all sessions other than the one you’re currently using, change your password and set up two-factor authentication.