WTF is Happening With the Great Ray-Ban Insta Hack of 2018

It started around a month ago, interrupting your feed of brunches and sunsets and videos of how to make mac n cheese out of a packet of crushed Doritos and some wet bread. They appeared sporadically, and then all at once: endless Ray-Bans, discounted Ray-Bans, Ray-Bans for 90 percent off. Now, it seems like the 2018 Insta Ray-Ban hack is everywhere on the gram: a constant stream of your friends tagging you to buy knock-off wayfarers.

While Facebook’s long played host to innumerable Ray-Ban and Adidas scams propagated by your favourite aunty and the guy from intermediate school, seeing them breach the banks of Instagram has been a more recent occurrence. Rather than sponsored ads, they appear as a photo from a friend, with multiple people tagged in.

Videos by VICE

So where’s it coming from? Given Instagram and Facebook are owned by the same company—and in many cases share permissions and access—it’s possible the hack has just migrated over from the Facebook universe. The same scam, posted on Facebook, was going strong at least two years ago. A Reddit user posted a few clues to how it was getting access at the time, saying: “I’m not sure what caused it but two things happened the day the pictures were posted. The first thing was that I got a notification that somebody accessed my facebook account. I was in school at the time and so I didn’t do anything about it. Second thing was that I got an email that seemed completely legit but when I clicked it, it took me to a suspicious site which I closed immediately.”

Antispam filter company ESET keeps data on the volume of certain ‘genres’ of spam they’re blocking, and warned last year that the Ray-Ban scam was spreading by email, as well as Facebook. They note that in the case of the Ray-Ban emails, while the most affected countries were UK, Japan and Spain, the latest spamming campaigns were redirecting to pages that also accepted less popular currencies—including New Zealand dollars.

Sensor Tech Forum and Best Tech both say the hack looks like a piece of malware, which could be getting access from clicking a dodgy link, or downloading something with a few unwanted piggy-backers. It may also be getting in as a dodgy app on Facebook that you gave access yonks ago, which has subsequently started accessing what it shouldn’t [sound familiar? Maybe better knockoff Ray-Bans than the disintegration of democracy].

So what can you do?

If it is, in fact, a virus on your computer, things get a little more complicated. You can start by scanning your computer with an up-to-date virus scanner. Other options for affected Insta users, if you just want to evict whoever might be sitting in your account, include:

Change your passwords: groundbreaking stuff.

Two-step verification: This will alert you to other people trying to access your account, and provide another barrier to them doing so. Head to your settings, tap Two-Factor Authentication, and add a phone number. You’ll be sent a code when someone new tries to log in.

Report the scam: Instagram hasn’t made any announcements on the Ray-Ban hack specifically, but has some general advice from the helpdesk: go to the dots menu, tap report, tap “It’s a scam”.

If you think it may have introduced itself via your Instagram-linked Facebook account, there are a few other basic options:

Log everyone out: click the lock at the top right of your Facebook page and then click “More Settings” and then click the security tab. There’s an option called “Where you’re logged in,” and you can log out from any locations you don’t know from there.

Delete Apps: you can also, via Facebook, go through any apps that you’ve allowed to have access over the years. Remove access for anything you don’t use, if you aren’t sure what it does, or if you don’t want it getting access to your data.

Add two-step verification: As with Instagram, adding two-step to your Facebook will alert you to other people trying to get access, and makes it much harder for randos to get onto your account.

Facebook and Instagram have not yet responded to VICE requests for comment. They may be busy with other questions at present, answering to the US Congress—you can read more about that here.

Have you been hacked? Got some grand insights into how the Ray-Ban scammers accessed your account? Talk to @tessairini on Twitter.