‘Vote for Me’ Instagram Scam: How Familiar Faces Are Being Used to Steal Your Account

If you’ve received a sweet message on Instagram from a mutual asking you to “vote” for them in an influencer contest – pause. You might be looking at a well-crafted phishing scam designed to steal your Instagram, Facebook or even email credentials.

The hook: a friendly DM from a trusted mutual

The scam typically starts with a message like this:

“Hello, sorry to bother you, I am applying for an ambassador position for the online influencer program at the Vanc fashion show. Can you please vote for me? Thanks🥰💐”

It comes from someone you follow, and possibly even know – often an account you’ve had mutual engagement with for months. Their profile looks real, with genuine photos and activity. You might have even liked each other’s posts before.

That’s no accident, because scams like this one weaponize trust.

The trap: a fake voting site

Once you agree to help, they send you a link that resembles a voting page. Something like vanc-vote4me[.]wuaze[.]com.

When you click it, you may land on a page carefully polished to fit the scenario. In our case, the page had the following elements meant to ensnare unsuspecting users:

• A fake vote counter (“5678 out of 5688!”) to instill urgency
• A carousel of random fake voters to strengthen the illusion of legitimacy
• Options to vote via Instagram, Facebook or email login

You can typically encounter these elements on legitimate voting pages. However, any credentials you enter on this website are sent directly to the scammer.

Selecting any of the voting options will prompt you to log in with your Facebook, Instagram, or Microsoft email account.

Why the ‘vote for me’ scam works so well

Most would argue that the “vote for me” scam is lazy. It has several components that make it easy to spot and a well-versed user can see right through the ruse. However, its design makes it feel personal and urgent, two of the most common scammer tools.

“Vote for me” scams on social media usually follow this structure:

• The message comes from someone familiar, or someone in your mutuals list
• The fake voting site may look a bit off, but convincing enough to brush off as benign
• The emotional cues (emojis, polite tone) may throw you off
• The login options are convenient; just one click, right?

Behind the scenes, attackers harvest your credentials and lose no time logging into your accounts. If you don’t have two-factor authentication (2FA) enabled, they’re in.

What happens next?

Once they have your account, threat actors can inflict a lot of harm that may lower your credibility or even make it impossible for you to recover your account by:

• Changing your password and locking you out
• Weaponizing your account to further the scam by DM-ing your friends with the same hook and lure
• Occasionally blocking people who might expose them or even deactivating accounts that have obviously been hacked to cover their tracks

Unfortunately, if an attacker takes over your account, they can do more harm than simply changing your password. If they use your account to propagate the scam, your followers list may start to dwindle, as you lose followers’ trust. Your account may even get reported. Once you’re down this road, regaining your credibility can be difficult.

How to protect yourself

Here are some common steps you can take to ensure you don’t fall prey to the “vote for me” social media scam or other malicious attempts:

• Never log in via links from DMs, even from mutuals. Ask them in a voice note or through another app if it’s legit, and even then, you should remain cautious
• Check the domain
• Use Bitdefender Scamio, a free AI chatbot that can check links, messages, or screenshots for signs of scams. It works via web, Facebook Messenger, and WhatsApp
• Turn on multi-factor authentication (MFA) for all your accounts
• Report compromised accounts directly to Instagram
• If you have already entered your credentials, change your passwords immediately and check for suspicious logins
• Install Bitdefender Mobile Security on your phone to automatically block phishing links, malicious websites and scam attempts, especially those that slip into your DMs from trusted accounts. Mobile Security is available for iOS and Android devices

Red flags in fake login screens

If you’re tech-savvy, the phishing login pages for Instagram, Facebook and email accounts might feel… off. The following signs can tip you off that something is not right:

• Fonts are slightly wrong
• Buttons don’t behave like the real thing (in our case, you had to click slightly above the button)
• There’s no HTTPS padlock on some versions (ours had a valid HTTPS certificate)
• Sometimes, pressing “Forgot Password?” does nothing at all

Furthermore, in our scenario, the email option only lets you “log in” using a Microsoft account – no Gmail, no Yahoo, nothing else. That’s a pretty glaring oversight for a legitimate “voting” platform, but it’s exactly the kind of detail a casual user might overlook.

The reality is that these pages aren’t designed to withstand scrutiny. Threat actors build them hastily by poorly copying legitimate designs, counting on victims being rushed or distracted to fall into their trap. That’s precisely why emotional appeals and urgency cues (i.e., “Just 10 votes left!”) are so critical to their success.

Next time you find yourself on a login page or face a prompt asking for sensitive details, back away and reassess. You may fall prey to a classic scam.

Final thoughts

Scammers continuously devise new ways to deceive unsuspecting users, and the “vote for me” scam is no exception. While it lacks complexity, it feels familiar and has just enough urgency to throw you off your guard.

Remember that attackers are counting on your instinct to trust people you follow. So, next time someone asks for a quick favor through a DM, take a breath, check the link, and stay on high alert.

Frequently asked questions about Instagram scams

What is the “do me a favor” Instagram scam?

The “do me a favor” Instagram scam is a classic trope of threat actors asking users to do something immediately, exploiting a sense of urgency to prompt users to lower their guard. They may ask for sensitive data, gift card information, or even direct payments.

How to tell if it’s a scammer on Instagram?

Identifying a scammer messaging you on social media platforms can be easier if you learn to recognize red flags. Requests for sensitive data or money should always be deemed suspicious. Furthermore, fake messages often contain spelling and grammar errors. You should also watch for suspicious links.

Can people steal your information on Instagram?

Yes, people can use social engineering and phishing tactics to steal your information, not only on Instagram, but on any other platform (Facebook, Snapchat, Twitter, email) as well.