Users of social networks Instagram or Facebook are increasingly receiving messages from profiles used by their acquaintances or friends in which they are asked to provide their phone number for the purposes of an alleged competition in order to vote for them. Messages of this content are actually part of current internet scams.

If the user agrees to the alleged vote and provides their phone number, they receive a response that they will receive a code via SMS that they need to forward to the sender of the message from the Instagram or Facebook profile.

In this way, by forwarding the code to the attacker, the user's phone account is debited, but it can also lead to the profile being taken over, which the attackers then abuse for this type of fraud, by forwarding the same message to the contacts of the last "victim" in the attack chain.

For the purposes of this scam, attackers can hack a user's account or create a fake profile of that user by taking personal information and photos from the original account. The profiles of these users are most often publicly available profiles, which makes this type of abuse possible. In order to prevent easy account takeovers on social networks, it is recommended that users set their profiles as private.

The main indicator that can indicate to users that this is a scam is the SMS they receive for the purpose of alleged voting and which contains a notification that it is actually about purchasing vouchers for playing popular games, as well as the amount that will be debited from their phone bills if the aforementioned code is entered.

For this reason, it is necessary to carefully read the content of the SMS message and not share the code received from the SMS with third parties, in order to prevent abuse.

The National CERT recommends that all users who receive this type of message, for the purposes of an alleged competition on social networks, use an alternative communication channel and additionally verify the identity of the sender.