A new phishing campaign targeting Instagram users has been found. This new campaign attempts to bait users into entering their login credentials by using fake copyright infringement alerts and implants a feeling of urgency, claiming that they have 24 hours to fill out a “Copyright Objection Form” or their account will be locked out. The victims receive an email with a very authentic looking message that tries to spoof an official Instagram format that states they must click the link. If a user clicks the link, they are redirected to an attacker-controlled page that then states their account will be deactivated within 48 hours if the user does not provide feedback. This should raise the user’s suspicion seeing as though the original email states 24 hours. The phishing landing page also displays an age confirmation form that adds legitimacy to the attack. Once a victim enters their login credentials and hits the submit button, the information is uploaded to an attacker-controlled server. After the attacker has the credentials, the victim is sent a message that they will be contacted by Instagram within 24 hours of form submission and is then sent to the official Instagram homepage–all to fool their victims. Once the attacker has the victim’s credentials, they can completely take over the account and use it for whatever they please.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for