Because there are so many teams in robotics, simply posting a story on Instagram will not do enough. This is important enough where I am willing to set aside my time to discuss this to people who are using the social media to promote their robotics and teams. I want some people to be more aware of what they do.
Do not click links you do not know of
If you believe the link is safe and you do click it, NEVER input a password even in the slightest speculation. Websites will never ask for passwords twice unless you are in a website’s settings.
This is what is prompted, and it is easy to tell this is a scam due to the bottom of the link being uncentered, the random shifts in color of the white background, and the poor quality text. But even if it was perfectly believable, just avoid typing passwords twice or else you’re risking your account. As an addition two factor authentication is your best friend. Stay safe guys, so far I’ve seen 7 accounts on Instagram that fell for this, and I am pretty certain you will likely find yourself with the same messages seen above.
If you can, use an app like Authy or Google Authenticator for 2FA. Unlike SMS 2FA, which can be easily intercepted, Authy and Authenticator use a seed to generate a one time passcode (OTP) that cannot be stolen since it is only ever calculated on the device with the seed.
Also, get a password manager with autofill such as Samsung Pass, Dashlane, or Lastpass. These will not enter your password on fake domains. Since a lot of websites use HSTS now, it is nearly impossible to hijack a domain.
This also goes for all accounts personal and for business on every platform. If you think something is suspicious it probably is. Try to quell that 1 second of curiosity and don’t click on things that 1) make absolutely no sense, and 2) seem sketchy, poorly made, or request information for no obvious reason.
I just got one of those “3 Of Your Pictures” messages from a VEX team’s account. I’m guessing they clicked on one of these and their account got hacked.
I still haven’t made a single post on Instagram yet, though, so it’s not too hard to tell when I’m being scammed.
