In early October, a publicist received an irresistible message via email. The publicist’s client is a top “influencer” […] “We would be extremely interested in a business partnership,” a man calling himself “Joshua Brooks” wrote. His pitch was eye-popping: He was offering “80 Thousand US Dollars” for a single picture.
[…] But the link Brooks sent wasn’t to Iconosquare.com—it was to lconosquare.biz, a cloned version of the site set up for phishing. Once the influencer logged in with the Instagram username and password, Brooks seized control of the account. Within minutes, he was spamming the influencer’s millions of followers with offers for a free iPhone.