Sunday, May 18, 2025

Popular Instagram Blogger’s Account Hacked to Phish Users and Steal Banking Credentials


A high-profile Russian Instagram blogger recently fell victim to a sophisticated cyberattack, where scammers hijacked her account to orchestrate a fake $125,000 cash giveaway.

The attackers employed advanced techniques, including AI-generated deepfake videos and meticulously crafted phishing campaigns, to deceive followers into surrendering sensitive banking information.

This incident highlights the growing threat of cyber fraud leveraging cutting-edge technology and social engineering tactics, posing serious risks to both influencers and their audiences.


AI-Generated Deepfake Video Fuels

The blogger, whose identity remains undisclosed pending an ongoing police investigation, suspects that her account was compromised through a SIM-swap attack.

In such attacks, cybercriminals trick a mobile carrier into transferring a victim’s phone number to a new SIM or eSIM under their control, effectively locking the legitimate owner out of their services.

This can be executed either by physically visiting a carrier’s office with forged documents or by exploiting vulnerabilities in online carrier portals to issue an eSIM remotely.

Once the scammers gained control of the phone number, they bypassed two-factor authentication (2FA) protocols on Instagram, convincing platform support of their legitimacy and seizing full access to the account.

This rendered the blogger’s original SIM card useless, cutting off her access to calls, texts, and internet services tied to the number.

SIM-Swap Attack Suspected as Entry Point

The attackers wasted no time in launching an elaborate scam from the compromised account.

They posted a deepfake video, created by stitching together old footage from the blogger’s Reels and dubbing it with an AI-synthesized voice mimicking her upbeat tone.

Accompanying the video were a text post with a fabricated emotional backstory, reused Stories with embedded phishing links, and fake testimonials to bolster credibility.

Close inspection revealed flaws in the scam, such as a CapCut watermark on the fake video (absent in the blogger’s authentic content) and inconsistent subtitle styling, with white text on a black background unlike her usual plain white text.

These subtle discrepancies, though, might easily escape a casual viewer’s notice, illustrating the alarming sophistication of AI-driven fraud.

Clicking the phishing link in the profile bio directed users to a rudimentary yet deceptive page featuring flashy visuals and a “Claim your prize” button.

Image caption: The bio looks suspicious

Unprotected devices lacking robust security software failed to flag the malicious site, leading users to either pay a fictitious commission or input personal and banking details under the guise of receiving winnings.

Predictably, no prize materialized, and victims risked financial theft or identity fraud.

According to the report, this phishing tactic exemplifies how scammers exploit trust in familiar online personalities to extract sensitive data.

This case underscores the urgent need for enhanced security measures among social media users, especially high-profile individuals.

Enabling multi-factor authentication beyond SMS-based 2FA, such as app-based authenticators, and regularly monitoring mobile carrier accounts for suspicious activity can mitigate risks of SIM-swapping.

Additionally, users must remain vigilant of subtle inconsistencies in content and avoid clicking unverified links, even from trusted accounts.

As AI tools become more accessible to cybercriminals, such scams are likely to grow in frequency and complexity, demanding heightened awareness and proactive defense strategies from both platforms and their communities.
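
The SIM-swap chain described above (the number is reassigned, then SMS-based verification is used to take over the account) can be watched for by correlating carrier and account events. The sketch below is an added example, not part of the original report; the merged event feed, its field names and event types, and the 48-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not data from the incident). The merged
# carrier + account feed and all field names are hypothetical.
EVENTS = [
    {"ts": "2025-05-10T09:00:00", "user": "user_a", "type": "login", "factor": "totp"},
    {"ts": "2025-05-12T14:02:00", "user": "user_b", "type": "sim_change", "channel": "esim_online"},
    {"ts": "2025-05-12T14:20:00", "user": "user_b", "type": "account_recovery", "factor": "sms"},
    {"ts": "2025-05-12T14:25:00", "user": "user_b", "type": "password_change", "factor": "sms"},
    {"ts": "2025-05-13T08:00:00", "user": "user_c", "type": "sim_change", "channel": "store"},
    {"ts": "2025-05-20T08:00:00", "user": "user_c", "type": "login", "factor": "sms"},
    {"ts": "2025-05-14T10:00:00", "user": "user_d", "type": "sim_change", "channel": "store"},
    {"ts": "2025-05-14T10:30:00", "user": "user_d", "type": "password_change", "factor": "totp"},
]

# Account actions that matter if the SMS channel can no longer be trusted.
SENSITIVE = {"account_recovery", "password_change", "email_change", "login"}


def find_sim_swap_takeovers(events, window=timedelta(hours=48)):
    """Flag SMS-verified sensitive actions that follow a SIM/eSIM change
    for the same user within `window`."""
    last_sim_change = {}  # user -> (timestamp, channel) of most recent SIM change
    alerts = []
    # ISO-8601 timestamps of equal length sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "sim_change":
            last_sim_change[ev["user"]] = (ts, ev.get("channel", "unknown"))
            continue
        swap = last_sim_change.get(ev["user"])
        # Only SMS-verified actions are at risk: an app-based factor is not
        # transferred when the phone number moves to a new SIM.
        if (swap and ev["type"] in SENSITIVE and ev.get("factor") == "sms"
                and ts - swap[0] <= window):
            alerts.append({
                "user": ev["user"],
                "action": ev["type"],
                "minutes_after_swap": int((ts - swap[0]).total_seconds() // 60),
                "sim_channel": swap[1],
            })
    return alerts


if __name__ == "__main__":
    for alert in find_sim_swap_takeovers(EVENTS):
        print(alert)
```

In the constructed data, the account that switched to an app-based factor (`user_d`) produces no alert even though its SIM changed, which is the effect of the mitigation recommended above.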


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
