Instagram is a popular photo- and text-sharing platform. Instagrammers worldwide use this platform as sort of a video diary to share everyday activities and moments.
A phishing attack on Instagram begins when a hacker creates a fake Instagram login page. To fool you, these sham pages are crafted to look as much like the real site as possible. When you provide an Instagram user ID and password to the phony page, the attacker captures your credentials. You will usually be redirected to the real Instagram login page for authentication, but the damage has already been done. With your Instagram credentials, the attacker has full access to your account.
If you use those same credentials to log on to other social media sites, or worse yet, your bank account, the attacker will have access to those accounts as well.
After gaining access to your Instagram account, the hacker can spy on you. The hacker can also now pose as the legitimate user and request personal information from your friends and followers. Naturally, the hacker covers any tracks by deleting fraudulent messages.
Taking things to the next level, the attacker can take complete ownership of your Instagram account. The hacker can change your personal information, preferences, and even your password, thus locking you out of your own account.