On Nov. 24, many Instagram users received a text message that said, “Tap here to reset your Instagram password.” Then there was a link that started with “https://ig.me …” So what does this all mean? If it looks fishy, or as some might say “phishy,” it definitely is. If Instagram needs you to reset your password for any reason, they would email you from their official email address, not text you from a random number.
If you click on the link, which is not recommended, it will simply open up your Instagram app. While this doesn’t seem too strange, phishers often use links disguised as one thing to open up a very quick link that leads to malware. While that may not be the case in this instance with the mysterious reset Instagram password text, better safe than sorry!
This isn’t the first time users have received a “reset Instagram password” text.
For one thing, it’s strange that so many people received that text — and mostly all are active Instagram users. However, the story gets even weirder. Apparently, this scam has been going on since as early as 2008. There are reports from way back in the pre-smartphone era of people getting text messages from the number “326-65” regarding a password or account reset for Instagram and Facebook.
This makes sense, considering that Facebook has now bought Instagram, so it is likely that texts about resetting a password for Instagram would come from the same number as similar texts from Facebook. However, in either case, the rule of thumb is that if you see a link that looks sketchy, don't click it! Over time, people have continued to ask platforms like Quora and Reddit if it’s a scam, and the consensus is always yes, it’s definitely a scam.
The “reset Instagram password” text is likely a phishing scam.
Since we’ve figured out the mysterious mass text is likely a phishing scam … what exactly is “phishing”? According to the Federal Trade Commission, the official government agency dedicated to supporting consumers, “Scammers use email or text messages to trick you into giving them your personal information.” In this case, a scammer was likely looking to get your Instagram information.
However, phishing can be a little more complicated. The Defence Works gives some pretty good advice on what to do if you actually click on the link in the text message. The way many phishing links work is that it’s actually a malicious link that, once clicked, can begin to steal your data or “infect” your phone with malware. The main thing to do if you do click on the link is not to enter any personal information, and to disconnect from the internet.
This all sounds a bit scary, doesn’t it? Not to worry, though — it’s pretty unlikely that this particular text installed any sort of malware since it seems to go straight to the Instagram app; plus, most smartphones have secure software that prevents that sort of phishing software. But, if you are concerned, there are some steps you can take that Panda Security shares. Essentially, clear your data, backup your phone, and restore it to factory settings if you have reason to believe you have a virus on your phone.
One of Instagram’s recent updates is actually a good thing.
Finally, if you really wanted confirmation that the “reset Instagram password” text isn’t from Instagram, you can actually open up the app and see for yourself. Instagram recently added a feature in your settings where we can see all recent communication directly from the app, so that we can discern between scams and real emails. To get there, simply go to Settings > Security > Emails from Instagram. That way, we’ll know what’s real, and what’s just a pesky scam.