Instagram users are receiving phishing emails that state there has been an unauthorized login attempt on their account. In order to verify that it was not the user, they are requested to follow a link within the email to confirm their identity. To help with being undetected, scammers included a 2FA code in the emails that the user is asked to use when logging on the phony Instagram site. When visiting the fake login page, there are not any immediate tell-tale signs of a phishing site because it has a valid HTTPS certificate along with the green padlock that tells the user the site is safe–or so they think. However, when researchers took a closer look at the domain name, they noticed that the curators of the page created it the ccTLD domain .CF which is the domain for the Central African Republic. “If you click through, you ought to spot the phishiness from the domain name alone – we’ve redacted the exact text here, but it’s a .CF (Centrafrique) domain that nearly spells ‘login’, but doesn’t quite,” stated one of the researchers who discovered the flaw. This is not the first time Instagram users have been targeted in phishing campaigns this year with “The Nasty List” and “The Hot List” seen in April.
As always with any phishing campaign, users should not follow links that are included in emails from unknown senders. If the link is followed, the users should verify that the link is legitimate before inputting any information on the site.