Phishing campaign targeting the Instagram users

The new phishing campaign is targeting the Instagram users by using the fake copyright notices of infringement in order to steal the user credentials. As detailed by the security researchers of Kaspersky Lab on March 15, 2019, this phishing campaign sees the Instagram users targeted via an email pretending to be from the Instagram.

This email notice looks like the official email as it uses the header and logo of Instagram. The email address that is normally used in "From" field is either info@theinstagram.team or mail@theinstagram.team. The emails read "we regret to inform you that your account will be suspending because you have violated the copyright laws. Your account will be deleted within 24 hours. If you think we make a mistake please verify, to secure your account".

Then the users are prompted to click the "Verify Account" link. Once the users click on this link, they are prompted to enter the Instagram credentials. For double phishing blow, the users are presented with another message that states "we need to verify your feedback and check if your e-mail account matches the Instagram account".

Now if the users click on "Verify My E-mail Address" link, then they see an email service providers list. From this the users need to select their email service provider, and then they were asked to submit their email address along with their password of the email account.

"As soon as your data goes to the scammers, they can take over your Instagram profile and modify the information you need to recover it. From there, they can start demanding ransom to give the account back to you, or start spreading spam and all kinds of malicious content using your hijacked account", the Kaspersky Lab researchers explained.

Instagram users were advised to take precautions in order to avoid getting scammed in cases like this phishing scheme. The users were advised to protect their accounts with complicated and strong password, as well as were asked to enable the two-factor authentication; they were also asked not to click on suspicious links, and always check address bar of web page for the URL; and probably the best of all, is to only use official Instagram app while interacting with this service.

» SPAMfighter News - 4/2/2019