As social media users, we are all exposed to various malicious activities, especially younger people. According to information security experts, some threat actors are taking advantage of a small Instagram trick that recently went viral among aspiring influencers, mainly teens, to violate their privacy.
As an easy way to gain access to various details about the reach of their posts, thousands of Instagram users, or even millions, are changing their account settings to operate as a “business profile”. By doing this, users gain access to the platform’s analytics tools, from where they can see who and when access their posts, among other metrics about their profile’s performance.
Although this may sound really appealing to thousands of users, this trick has a serious privacy drawback. To complete the transition to business profile, users must make their phone number or email address publicly available; McAfee information security specialist Alex Merton-McCann believes that implementing this change could have truly unpleasant consequences for younger and exposed users of this social network.
“For contact purposes, business account details must remain exposed to the public; this means that anyone, including online stalkers and sexual predators, has the means to directly contact any Instagram user,” she says in a blog post.
“This decision, facilitated by the developers of the platform, not only compromises the privacy of the users who apply this change, but also has the potential to expose the privacy of their contacts, all in exchange for a few <<likes>>”, added the information security specialist.
Finally, the specialist called on Facebook, the company that owns Instagram, to implement better security measures and greater restrictions for creating business accounts and preventing malicious users from taking advantage of these oversights. “Younger users are especially vulnerable to promises of profit through their social media profiles, this type of activity encourages data disclosure and even sensitive images and other content leaking” she said.
In response, Facebook spokespersons mentioned that users who have made this change to commercial account are notified of the exposure of their contact information. “We allow users to use the “Business Profile” feature to help them start their business. Users are informed about the status of their contact information at all times in this process, and it is possible to update and hide that information,” the spokesperson added.
Curiosity about who visits our social media profiles has already been exploited in previous opportunities. According to information security specialists at the International Institute of Cyber Security (IICS), millions of Facebook users have been deceived with advertisements that promise tools to record visits to their profile; when clicked, users might find only advertisements from other sites or, in the worst cases, malware or phishing pages. “Facebook doesn’t provide tools for users to review who has visited their profile, nor do we allow external services to provide this information,” the spokesperson says.