Instagram Private Page Stalking
DISCLAIMER
THIS HAS BEEN ISSUED AND WRITTEN ONLY FOR EDUCATIONAL PURPOSES ONLY, TO SEE HOW HACKERS USE SOCIAL ENGINEERING FOR RECONNAISSANCE AND HARVEST INFORMATION ABOUT THEIR TARGETS WE HAVE TO USE THIS TO BE INFORMED AND REALIZE HOW TO PREVENT THIS TO BE HAPPEN TO KEEP OUR PRIVACY SAFE, I DO NOT CONSENT TO MISUSING THIS METHOD IN ANY FORM AND I DO NOT ACCEPT ANY RESPONSIBILITY.
Metadata
Tags: #Instagram #social_engineering #recon #stalking #illegal
EXPOSED: TRUE
Skills needed:
Social Engineering
Creating anonymous accounts (fake / anonymous email and phone number)
Anonymizing your network
Chance of succession: 60% to 85%
Works until: Instagram profile suggestions box in a private profile exists && it suggests people who follows the victim, followed by victim or both.
Source of this method: Mohammad Sadegh Alirezaie
Description
This method has been used and worked to get into an Instagram private account for gathering any information shared over that private account, what you get at the end is an Instagram account that uses to follow and trick the victim to accept your follow request on Instagram account;
What you can get and see:
All the victim’s posts (if there are any)
All the victim's story highlights (if there are any)
Any comment available below their posts
All the followers and the followings list
Public / available posts that the victim has been tagged on
Reposted contents by the victim
Being able to send messages to the victim (as some people limit their messages to their followers/followings) for any purpose (further social engineering attacks and so on.)
Instructions
This method uses Instagram feature we all see in almost every profile we visit,
Every profile we visit has a box called “Suggested for You” which shows us some Instagram accounts that could be related to us (or at least Instagram thinks that way), the thing is when we visit an Instagram account, most of the accounts that suggested below that profile are related to that profile, and there are high chances that both account are being followed by each other, this is exactly what we (as attacker) are going to use;
The First step is to visit our victim’s account and navigate through the suggestion box, as we (as attacker) should have be sure, we’re going to look for some public profiles that has been suggested, open them one by one and check if the both victim and that public profile has been following each other, if so, BINGO! we have found or impersonation account and we mover through the next step;
The second step is to create an Instagram account with the information and photos of the public profile we have found, the best practice is to switch it to a private profile and uses some good texts for bio (like ‘pv page’ or ‘close friends only’) and also have some follows and followers to look more legit, now everything is ready to move to the final step;
The Third step is to send a follow request to to our victim, the profile we want to stalk, what happens here is that most of people never validate the source of request, like calling their friends to see if they’re the real one behind those account or asking if they have truly created a new account so the victim thinks that it’s just another new profile for any reason and accepts the follow request of the attacker, and on that basis attacker gains permission to get and overview of the victim’s followings and followers and so on, It’s also good the remove or footprints as much as we can and remove the account after we finish gathering our information.
Conclusion
In this article we learned how attackers and hackers may use social engineering to gain access to your private Instagram data, it’s also best to validate every request we receive and check if that’s valid, today’d world might look like a big mess but the solution is not to remove the question and giveaway our chances of using Internet and Social Media but gain more knowledge to be more consciousness;
I hope this would have been helpful to you, feel free to share, subscribe to the newsletter or contact me anytime you want.
