If you’ve received a sweet message on Instagram from a mutual asking you to “vote” for them in an influencer contest – pause. You might be looking at a well-crafted phishing scam designed to steal your Instagram, Facebook or even email credentials.
The scam typically starts with a message like this:
“Hello, sorry to bother you, I am applying for an ambassador position for the online influencer program at the Vanc fashion show. Can you please vote for me? Thanks🥰💐”
It comes from someone you follow, and possibly even know – often an account you’ve had mutual engagement with for months. Their profile looks real, with genuine photos and activity. You might have even liked each other’s posts before.
That’s no accident, because scams like this one weaponize trust.
Once you agree to help, they send you a link that resembles a voting page. Something like vanc-vote4me[.]wuaze[.]com
.
When you click it, you may land on a page carefully polished to fit the scenario. In our case, the page had the following elements meant to ensnare unsuspecting users:
You can typically encounter these elements on legitimate voting pages. However, any credentials you enter on this website are sent directly to the scammer.
Selecting any of the voting options will prompt you to log in with your Facebook, Instagram, or Microsoft email account.
Most would argue that the “vote for me” scam is lazy. It has several components that make it easy to spot and a well-versed user can see right through the ruse. However, its design makes it feel personal and urgent, two of the most common scammer tools.
“Vote for me” scams on social media usually follow this structure:
Behind the scenes, attackers harvest your credentials and lose no time logging into your accounts. If you don’t have two-factor authentication (2FA) enabled, they’re in.
Once they have your account, threat actors can inflict a lot of harm that may lower your credibility or even make it impossible for you to recover your account by:
Unfortunately, if an attacker takes over your account, they can do more harm than simply changing your password. If they use your account to propagate the scam, your followers list may start to dwindle, as you lose followers’ trust. Your account may even get reported. Once you’re down this road, regaining your credibility can be difficult.
Here are some common steps you can take to ensure you don’t fall prey to the “vote for me” social media scam or other malicious attempts:
If you’re tech-savvy, the phishing login pages for Instagram, Facebook and email accounts might feel… off. The following signs can tip you off that something is not right:
Furthermore, in our scenario, the email option only lets you “log in” using a Microsoft account – no Gmail, no Yahoo, nothing else. That’s a pretty glaring oversight for a legitimate “voting” platform, but it’s exactly the kind of detail a casual user might overlook.
The reality is that these pages aren’t designed to withstand scrutiny. Threat actors build them hastily by poorly copying legitimate designs, counting on victims being rushed or distracted to fall into their trap. That’s precisely why emotional appeals and urgency cues (i.e., “Just 10 votes left!”) are so critical to their success.
Next time you find yourself on a login page or face a prompt asking for sensitive details, back away and reassess. You may fall prey to a classic scam.
Scammers continuously devise new ways to deceive unsuspecting users, and the “vote for me” scam is no exception. While it lacks complexity, it feels familiar and has just enough urgency to throw you off your guard.
Remember that attackers are counting on your instinct to trust people you follow. So, next time someone asks for a quick favor through a DM, take a breath, check the link, and stay on high alert.
The “do me a favor” Instagram scam is a classic trope of threat actors asking users to do something immediately, exploiting a sense of urgency to prompt users to lower their guard. They may ask for sensitive data, gift card information, or even direct payments.
Identifying a scammer messaging you on social media platforms can be easier if you learn to recognize red flags. Requests for sensitive data or money should always be deemed suspicious. Furthermore, fake messages often contain spelling and grammar errors. You should also watch for suspicious links.
Yes, people can use social engineering and phishing tactics to steal your information, not only on Instagram, but on any other platform (Facebook, Snapchat, Twitter, email) as well.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsMay 23, 2025
May 16, 2025
April 03, 2025