Forget the Stack; Focus on Control

Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can’t be eliminated overnight, it can be managed.

darkreading – ​Read More

M&S warehouse workers told not to come to work following cyberattack

About 20 percent of the logistics workers for U.K. retail giant M&S were told they could stay home as the company responded to a cyberattack.

The Record from Recorded Future News – ​Read More

8 ways to protect your privacy on Linux and keep your data safe

Using Linux is a good start – but it is not enough. These easy privacy tricks could mean the difference between secure and sorry.

Latest stories for ZDNET in Security – ​Read More

Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy

Toronto, Canada, 28th April 2025, CyberNewsWire

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

How Breaches Start: Breaking Down 5 Real Vulns

Not every security vulnerability is high risk on its own – but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents.

1. Stealing AWS Credentials with a Redirect

Server-Side Request Forgery (SSRF) is a

The Hacker News – ​Read More

Critical Vulnerabilities Found in Planet Technology Industrial Networking Products

Planet Technology industrial switches and network management products are affected by several critical vulnerabilities. 

SecurityWeek – ​Read More

JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested

JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

How to protect your social media accounts from SIM swap attacks | Kaspersky official blog

“I’m giving away $125 000! Join the project via the link in my profile!” — suddenly, a popular Russian blogger launches a massive cash giveaway on Instagram. A familiar face, speaking in an upbeat voice and a confident tone, appears in Stories. It all looks too good to be true…

That’s because it is. There’s no real project. The blogger didn’t launch anything. Her account was simply hijacked. And the scammers went beyond the usual tricks: not only did they steal access and post a fake giveaway link, but they also stitched together a new video from old footage and dubbed it with a voice generated by neural networks. Read the whole story to learn how Instagram accounts are stolen by swapping SIM cards — and what you can do to protect yourself.

An almost flawless scam campaign

With the rise of AI tools, scammers have suddenly gotten “smarter”. Before, having hacked a blogger, they’d have just posted phishing links and hoped the audience would bite. Now they can run full-fledged PR campaigns from the stolen account. Here’s what the scammers did this time:

  • One short video. They wrote a script, voiced it with a deepfake of the blogger’s voice, and edited together visuals from her previously posted Reels.
  • A text post. They published a photo with a tear-jerking caption about how hard it was to launch the project, trying to mimic the blogger’s usual tone.
  • Four Stories. They reused old Stories where the blogger mentioned a real project, added a link to a phishing site, and reposted them.

All this lends the fake project an air of legitimacy — since bloggers often use content like this across different formats to promote real initiatives. The scammers spared no effort — even throwing in some testimonials from grateful fans; fake ones, of course.

Fake testimonials aimed at encouraging more fans to participate

Let’s take a closer look at the video. At first glance, it’s surprisingly high-quality. It follows all the blog’s rules: the blog’s topic (home renovation), voiceover narration, quick editing. But upon closer examination, the illusion is shattered. Check out the screenshot below: only one video has a watermark in the top-left corner — from the free version of the editing app CapCut. That’s the fake. The other videos don’t have this watermark — because the real blogger either uses the premium version or edits with another app.

The first video is the fake one created by the scammers

There’s another detail: the subtitles. In all her real videos, the blogger uses plain white text with no background. In the fake video, the text is white on a black background. Sure, bloggers sometimes change their style, but usually settings like font and color are saved in their editing software and stay consistent.

What happens if you click the link in the profile?

Here’s where it gets interesting. What kind of “project” exactly were the scammers promoting, and what happens if you click the link?

The bio looks suspicious

If you’re using a device without reliable protection (which would warn you if you try to visit a phishing site), you’ll land on a very basic page: a flashy image, some eye-catching text, and a Claim your prize button. Clicking such buttons typically leads to one of two outcomes: you’ll be asked to pay a commission, or prompted to enter your data — purportedly to receive your winnings. In any case, you’ll be asked to share your bank details. Of course, no prize is coming — it’s pure phishing.

A girl with dollars and a smartphone symbolizes the riches that await… the scammers after they steal your banking account

How did attackers hack the blogger’s Instagram account?

Important: there’s no official version of how the account was compromised yet. It’s a high-profile case, and the blogger has reported it to the police. She currently suspects she fell victim to a SIM-swap attack. In short, this means that the scammers convinced her mobile provider to transfer her phone number to a new SIM card. There are two main ways this can be done:

  • Old method. Scammers forge a power of attorney and physically visit the mobile provider’s office to request a SIM replacement.
  • New method. The criminals access the victim’s online account provided by the mobile carrier and remotely issue an eSIM.

SIM swapping allowed scammers to bypass two-factor authentication and convince Instagram support that they were the real account owners. Similar tricks can be used with any service that sends verification codes via text — including online banks.

As for the blogger’s original SIM card, it instantly turned into a useless piece of plastic: no internet, no calls, no texts.

How to protect your account from being hacked

Here are the basic rules to prevent most types of account hacks — whether on messaging apps, social networks, forums, or other sites:

  • Use advanced two-factor authentication with app-generated codes instead of texts (SMS). For Instagram, we recommend also adding a backup method: Settings and activity → Accounts Center → Password and security → Two-factor authentication → Add a backup method. Then, download a dedicated app to generate your login codes.
  • Install reliable protection on all your devices. Pre-installed antivirus protection will block phishing links and protect you from various malware.
  • Create strong, unique passwords. If you’re short on imagination, let Kaspersky Password Manager do it for you and keep them safe.
  • Follow the golden rule: each service has its own unique password. That way, hackers won’t get access to everything at once.
  • Ask your mobile operator if it’s possible to either completely prohibit servicing you remotely, or set up a special code you must state in every interaction — remote or in person. This can help protect you from SIM-swapping attacks.

Kaspersky official blog – ​Read More

Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show

Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features.

Security Latest – ​Read More

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024.
The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the

The Hacker News – ​Read More