New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


New Instagram Phishing Attack

A new Instagram phishing campaign is underway, attempting to scam users of the popular social media platform by luring them with a blue badge offer. Blue badges are highly coveted as Instagram provides them to accounts it verified to be authentic, representing a public figure, celebrity, or brand. The campaign emails inform recipients that Instagram has reviewed their accounts and deemed them eligible for a blue badge. Users are urged to fill out a form and claim their verification badge within 48 hours. While the campaign shows signs of fraud, the threat actor bets on the carelessness and enthusiasm Instagram users have when faced with the opportunity to upgrade the status of their social account.

The new campaign was spotted by threat analysts at Vade, an AI-based email security service, who reported that the first messages to targets were sent out on July 22. During the deployment, email distribution volumes spiked twice, once on July 28 and again on August 9, with more than 1,000 phishing messages per day. The messages feature Instagram and Facebook logos and inform the recipient that their account is eligible for a blue badge, urging them to click on an embedded button that would take them to the relevant submission form. The users are warned that if they ignore the message, the form will be permanently deleted in 48 hours, creating a sense of urgency and the illusion of a limited opportunity. The phishing form is hosted on a domain named “teamcorrectionbadges”, to make it appear as if Instagram uses a separate, dedicated domain to verify users. The phishing process on that site relies on a three-stage form, each step showing Instagram, Facebook, WhatsApp, Messenger, and Meta logos, to create a sense of legitimacy. The first form requests a username and the second asks the victim to enter a name, email, and phone number. The third and final step requests the password to supposedly verify that they own the account. Once the victim completes the process, a message informs them that their account is now verified, and that the Instagram team will contact them in the next two days. A phony case ID is also presented at this final step.

Analyst Notes

It is essential to know how Instagram’s verification program works to avoid scams such as these. First, the social media platform will never contact users offering a blue badge. Users can only get it by applying themselves. Also, applying for verification is only possible through the official platform, never by visiting a separate domain. Finally, Instagram blue badges are reserved for notable public figures, celebrities, and brands, so regular accounts aren’t eligible. Phishing actors have been taking advantage of the vanity that characterizes many Instagram users. Campaigns targeting social media users with phishing emails are very popular and are not limited to Instagram. To safeguard accounts, Instagram offers two-factor authentication for additional security.