Warning! Don’t Fall for the “3 of Your Pictures” Instagram Scam

By now, most people feel pretty confident in their ability to avoid falling prey to phishing scams online. You know not to open emails from suspicious addresses. You know not to click random links that get sent your way. You know not to download third-party apps that will make you susceptible to hackers. (You do know all of those things, right?)

There’s one particular phishing scam going around Instagram that you might not know about, though. It’s been around for a while but is apparently enjoying an increase in popularity these days. It’s known as the “3 of your pictures, 4 hours of my time lol” scam (not the catchiest name, we agree). Anyway, here’s what the scam is, plus how to avoid getting your Instagram hacked.

This popular scam involves hackers reaching out to you via DM and complimenting you on some of your pictures. They claim that they have posted a few of your photos on a super exclusive website after spending a few hours editing them. They’re then “kind” enough to include a direct link to the website so you can see your photos there for yourself.

This should already be setting off alarm bells in your head. We’re not saying your pictures aren’t great, but come on. Who would spend a few hours editing your photos, upload them to a website, and then reach out to tell you about it? It’s not even really one of those things that’s too good to be true. It’s just an all-around bizarre scenario that would never happen in real life. 

As you’ve almost certainly guessed, clicking on the attachment they provide (which is named “3 Of Your Pictures, And 4 Hours Of My Time LOL”) will not bring you to an exclusive website with cool Instagram photos. It will get your Instagram account hacked.

It seems like there’s some variation when it comes to the initial message these hackers will send. Some keep it short and simple with “Check out your photos,” others are a little bit more involved, saying something like “I really didn’t expect this to take me so long, But I finally got it all done. You better love it. I used some of your pictures.” But the attachment is always the same — and it’s always a scam.

This hopefully goes without saying, but if you receive the "3 Of Your Pictures, And 4 Hours Of My Time LOL” attachment, don’t click on it! There’s a chance that it could appear in a DM from one of your friends or followers — that just means they have also been hacked. If you do get a message like this from someone you know, reach out directly to that person to let them know their account may have been compromised. If it’s from an account you don’t recognize, just delete it.

If you have already clicked the link, well, that’s not great. If you still have access to your account, be sure to change your Instagram password as soon as possible. If any of your other accounts use that same password (they shouldn’t, BTW!), change those, too. Now is a good time to set up two-factor authentication, as well. Check your login activity (via the app) and sign out of any sessions from devices you don’t recognize.

If you’ve already been kicked out of your Instagram account by the scam, follow the steps outlined on the Instagram Help Page. Good luck to you. And let this be a very valuable lesson — don’t click any more weird links or attachments!