Instagram Phishing Campaign Tricks Users With Fake Account Login Alerts



Heads up Instagram users! Hackers are on their way to try and steal your login credentials. Reportedly, an Instagram phishing campaign is in the wild that tricks users with fake login alerts.

Instagram Phishing Campaign Exploiting Login Alerts


According to Paul Ducklin of Sophos, a dedicated phishing campaign is targeting Instagram users. The campaign abuses the account login alerts that users receive when someone attempts to sign in to their accounts.

As described in his blog post, the attack begins with emails that spoof Instagram login alerts. The email fools users by including a code, which gives it the feel of two-factor authentication.

Instagram phishing email
Source: Sophos

Describing the content of this email, Ducklin stated,

Apart from a few punctuation errors and the missing space before the word ‘Please’, this message is clean, clear and low-key enough not to raise instant alarm bells. The use of what looks like a 2FA code is a neat touch.

When the recipient clicks the sign-in link, the actual phishing website opens. This page convincingly imitates the Instagram account sign-in screen. However, its domain ends in ‘.cf’, which is obviously not Instagram's and is enough to give the page away. Apart from that domain blunder, the attackers have also set the site up with HTTPS to make it look genuine.

Instagram mock phishing page
Source: Sophos

Thus, a user who does not check the URL is likely to fall prey to this phishing attack and end up surrendering their credentials to the hackers.

Stay Wary Of Phishing


As always, this phishing campaign preys on users who do not pay much attention to email security. We have recently reported a few similar scams that evade email gateways to reach a user's inbox. Therefore, one should not trust every email that arrives in their mailbox, particularly when it contains URLs or attachments.

Stay safe!


Posted from my blog with SteemPress : https://latesthackingnews.com/2019/08/25/instagram-phishing-campaign-tricks-users-with-fake-account-login-alerts/


Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.digitalmunition.me/instagram-phishing-campaign-tricks-users-with-fake-login-alerts/