Think Before You Click

If you are like a lot of businesses, you may use Instagram for marketing your products and services. A new phishing campaign was recently discovered targeting Instagram users. The fraudsters lure their victims into giving away their credentials using fake copyright infringement alerts. These types of attacks are designed to instill a sense of urgency in the attackers’ targets, lowering their guard and getting them to react without thinking.

In the Instagram phishing campaign, the phishing emails use fake account suspension messages that purport to be from Instagram and claim to be triggered by a copyright notice. The fake emails direct users to fill out a ‘Copyright Objection Form’ within 24 hours. Criminals designed these sophisticated phishing messages to look as much like official Instagram messages as possible, to avoid raising suspicions.

Last month Instagram users were targeted by a phishing campaign in which the attackers used login attempt warnings coupled with what looked like two-factor authentication (2FA) codes to make the attack more believable.

In response to the increase in these types of attacks, Instagram has launched a new feature that helps users find out whether an email was in fact sent by Instagram or is an attempted phishing scam. The security tab will list all emails Instagram has sent out, so users who receive an email from Instagram and want to verify it can check it against that list. If the email is on the list, it did come from Instagram. If the email is not on that list, the user is likely being targeted for phishing and can report the bogus email to the social media site so they can try to put a stop to it.

The moral of this story is: Always check other sources before clicking on links you were not expecting to get, and to verify the legitimacy of emails and links you receive. Many phishing emails and posts are made to appear legitimate, such as the Instagram one. Criminals love to prey on the fear factor, as they did on Instagram, leaving users afraid that they are violating a policy.

When in doubt, always check it out.

