New Instagram Phishing Campaign

A new phishing campaign targeting Instagram users has been found. The campaign baits users into entering their login credentials with fake copyright infringement alerts and creates a sense of urgency by claiming that they have 24 hours to fill out a “Copyright Objection Form” or their account will be locked out. Victims receive an authentic-looking email that mimics an official Instagram format and states that they must click the link. A user who clicks the link is redirected to an attacker-controlled page, which states that the account will be deactivated within 48 hours if the user does not provide feedback. That discrepancy should raise the user’s suspicion, since the original email states 24 hours. The phishing landing page also displays an age confirmation form, which lends the attack an appearance of legitimacy.

Once a victim enters their login credentials and hits the submit button, the information is uploaded to an attacker-controlled server. The victim then receives a message saying that Instagram will contact them within 24 hours of form submission and is sent to the official Instagram homepage, all to fool the victim. With the victim’s credentials, the attacker can completely take over the account and use it for whatever they please.

Analyst Notes

A user who receives an email like this should check the sender’s address. If it is not an Instagram[.]com domain, that should raise suspicion. The user can also hover over the link to check its destination address in the same way. A user who falls victim to a scam like this and can still access the account should reset the password to a strong and unique one. A victim who cannot access the account can contact Instagram directly to regain control of it.
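
The sender and link checks described above can be automated for a reported message. The following is an added example, not code from the original post: the sample email is constructed, its `.example` hosts are placeholders, and treating subdomains of the Instagram domain as trusted is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "instagram.com"  # domain named in the analyst notes

# Constructed sample message; sender and link hosts are placeholders.
SAMPLE_EML = """\
From: Instagram <support@instagram-copyright.example>
To: user@example.org
Subject: Copyright Infringement Notice
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>You have 24 hours to fill out the Copyright Objection Form.</p>
<a href="https://instagram.com.objection-form.example/login">https://www.instagram.com/help</a>
<a href="https://help.instagram.com/">Help Center</a>
"""

def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_message(raw):
    """Return (kind, host) findings for sender and link hosts outside TRUSTED."""
    msg = message_from_string(raw)
    findings = []
    # parseaddr ignores the display name, which the sender can set freely.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(("sender", sender_domain))
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/html")
    # The href is what "hovering over the link" reveals; the text is what is shown.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = urlsplit(href).hostname
        if not is_trusted(host):
            shown = urlsplit(text.strip()).hostname
            kind = "link-text-mismatch" if is_trusted(shown) else "link"
            findings.append((kind, host))
    return findings

if __name__ == "__main__":
    for kind, value in check_message(SAMPLE_EML):
        print(kind, value)
```

The suffix match in `is_trusted` requires a leading dot, so a host that merely begins with or contains the trusted name is still flagged.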