Instagram phishing scams have taken a sophisticated turn, targeting unsuspecting users with ads that impersonate trusted Canadian banks like BMO and EQ Bank. These scams leverage AI-generated content and deepfake videos to mimic official branding, leading users to fraudulent sites such as RBCpromos1[.]cfd. The stakes are high as scammers aim to steal personal data and financial information. Let’s dissect how these scams function, the potential risks to your data, and the steps you should take to safeguard yourself.
What Data Points Were Leaked?
Phishing scams on Instagram have become dangerously convincing, largely due to the use of AI-generated content and deepfake technology. Scammers now craft ads that mimic the branding and messaging of legitimate banks like BMO and EQ Bank, often fooling even the most cautious users. These ads don’t just look real—they sound and feel authentic, using logos, color schemes, and even video deepfakes that appear to feature real bank representatives.
Types of Data Targeted
The primary goal is to harvest sensitive information. Here’s what scammers are after:
Banking Credentials: Usernames, passwords, and two-factor authentication codes.
Personal Identifiable Information (PII): Full names, addresses, phone numbers, and date of birth.
Contact Information: Email addresses and linked phone numbers, which can be used for further attacks.
Scammers lure users into clicking on sponsored Instagram ads that lead to lookalike domains—websites with URLs designed to closely resemble the real bank’s site (e.g., RBCpromos1[.]cfd). Once there, users are prompted to “verify” their accounts or claim fake rewards, unwittingly submitting their information directly into the hands of cybercriminals.
How the Trick Works
Convincing Visuals: AI tools replicate bank branding with near-perfect accuracy.
Lookalike URLs: Slightly altered domain names trick users who aren’t paying close attention.
Fake Forms: Users are asked to fill out login, card, or identity verification forms.
With each form submission, critical datapoints—often enough to take over accounts or commit identity theft—are sent to scammers. Even a single slip, like entering your email and phone number, can open the door for more aggressive attacks down the line.
Should You Be Worried?
When your personal data lands in the wrong hands, the fallout can hit hard and fast. It’s not just about a random email or a suspicious DM—phishing on platforms like Instagram can open the door to serious trouble.
The Real Risks: What’s at Stake?
If your Instagram account is compromised, here’s what can happen:
Financial Loss: Scammers can use stolen credentials to access linked financial accounts, or trick your friends and followers into sending them money using your profile as bait.
Identity Theft: Hackers can harvest your personal info—phone numbers, addresses, birthdates—to impersonate you elsewhere. This can spiral into fraudulent loans, new accounts, or worse.
Loss of Privacy: Once your data is out, you have zero control over where it goes. Photos, messages, and contacts can be exploited or sold.
Reputation Damage: A hacked account can be used to spread malicious links or offensive content, damaging your relationships and credibility.
Emotional Stress: Victims often feel violated, anxious, and powerless—sometimes for months.
How Bad Can It Get?
Let’s break it down with real-world scenarios that users have faced:
Account Lockout: You wake up, try to log in, and your password doesn’t work. The hacker has changed it, and your recovery options are gone. Now, they’re messaging your friends, pretending to be you.
Scam Spree: A compromised account is used to send fake investment or giveaway links to your contacts. Your friends lose money, and you get the blame.
Data Used Elsewhere: Info stolen from your profile is used to answer security questions on other platforms. Suddenly, you’re locked out of not just Instagram, but also your email and bank accounts.
Why Should You Care?
Phishing isn’t just a tech issue—it’s personal. Hackers are getting smarter, and they’re targeting everyday users, not just celebrities or influencers. Your data is valuable, and it’s always at risk when it’s not protected.
What Can You Do?
Staying alert is key, but even the most careful users can slip up. That’s where services like Cloaked come in. Cloaked helps keep your personal data safe by masking your real information online. If you’re worried about scammers exploiting your details, using a privacy tool like Cloaked can give you much-needed peace of mind.
Remember: It’s not about paranoia—it’s about being prepared.
What Should Be Your Next Steps?
Getting hit with a suspicious financial ad or shady message isn’t just annoying—it can put your hard-earned money and personal data at real risk. Before you click, reply, or share any personal details, take a deep breath and run through these clear steps.
How to Verify the Legitimacy of Financial Ads and Messages
Spot the Red Flags
Check the sender’s details. Look closely at the username, email, or phone number. Scammers often use subtle misspellings or odd characters.
Look for urgency. If a message pressures you to act fast (“limited-time offer!” or “your account will be locked!”), be suspicious.
Evaluate the content. Poor grammar, generic greetings, or unfamiliar links are classic warning signs.
Confirm Before You Trust
Search for official contact info. Go directly to the company’s verified website or app—never use the links provided in suspicious messages.
Call or email the company. Use the contact details you find on their official site, not those in the message.
Double-check with trusted sources. Ask friends, family, or colleagues if they’ve seen similar ads or received the same communication.
Best Practices for Protecting Personal Information Online
Protecting your data should be as routine as locking your front door. Here’s how to keep your personal info safe:
Never share sensitive details (passwords, PINs, social security numbers) via email, text, or DMs.
Turn on two-factor authentication wherever possible. It’s a simple extra step, but it blocks most unauthorized access.
Be wary of sharing personal info on social media. Scammers can piece together your details from public posts.
Using Cloaked for Extra Protection
If you’re tired of feeling like your data is up for grabs, tools like Cloaked can help. Cloaked lets you create masked emails and phone numbers, keeping your real info hidden when signing up for services or responding to offers. That way, even if a scam sneaks through, your true identity stays secure.
Takeaway: Trust your gut. If something feels off, it probably is. Double-check, stay cautious, and use smart tools to shield your personal data from prying eyes.
Cloaked FAQs Accordion
Frequently Asked Questions
First, change your passwords—especially if you've reused them across sites. Then enable two-factor authentication (2FA) on all key accounts. Review your account and credit activity regularly for any unusual behavior. If suspicious actions surface, consider freezing your credit and alerting your bank. To proactively reduce exposure in the future, tools like Cloaked can mask your personal information before breaches happen.
Cloaked provides you with disposable emails, phone numbers, and payment details, making it harder for bad actors to access your real identity. These tools help you safely sign up for services, communicate, and shop online without putting your core identity at risk.
Commonly targeted data includes full names, email addresses, phone numbers, birthdates, physical addresses, login credentials, and payment info. Tools like Cloaked help shield this information by providing secure, masked alternatives.
Always be skeptical. Malicious links are one of the most common ways hackers infect devices or steal data. Avoid clicking unless you can verify the source. Services like Cloaked can add layers of security so your real contact info isn’t exposed even if you make a mistake.
Using the same contact info across platforms makes it easy for attackers to build a full profile of you. If one platform gets breached, all your accounts can be at risk. That’s why Cloaked allows you to use different, secure contact methods for each service.
At Cloaked, we believe the best way to protect your personal information is to keep it private before it ever gets out. That’s why we help you remove your data from people-search sites that expose your home address, phone number, SSN, and other personal details. And to keep your info private going forward, Cloaked lets you create unique, secure emails and phone numbers with one click - so you sign up for new experiences without giving away your real info. With Cloaked, your privacy isn’t a setting - it’s the default. Take back control of your personal data with thousands of Cloaked users.
*Disclaimer: You agree not to use any aspect of the Cloaked Services for FCRA purposes.
