One Billion Instagram Users Face New Phishing Scam

There are one billion monthly Instagram users, and they are finding out that a recent email phishing campaign aimed at them is working. It’s designed to steal user credentials with fake copyright infringement email notices, as strange as that may sound. After all, how many Instagram users are even aware of copyright infringement, much less expect to be told they have committed it? Not many, and that’s why it’s working.

Kaspersky Lab released its findings on this latest scam. Hackers have been sending Instagram users emails appearing to be directly from Instagram, and they do look very legitimate with convincing email addresses like mail@theinstagram.team and info@theinstagram.team. The email informs users that “we regret to inform you that your account will be suspending because you have violated the copyright laws. Your account will be deleted within 24 hours. If you think we make a mistake please verify, to secure your account.” Upon finding their account was in trouble, users flocked to verify them by following a “Verify Account” link in the email. Once the user verified their account with all of their Instagram information, the phishers doubled down to steal even more data.

The next step in the scam is the message “we need to verify your feedback and check if your e-mail account matches the Instagram account.” Once email account and passwords were “verified,” hackers were off to the races. The scammers take over your Instagram account and change the information you need to recover it yourself. After that, scammers can ransom your account back to you and spread spam and malicious content, all in your name. Suddenly, paying a ransom to stop the madness and get your account back under your control may not sound all that bad.

This Instagram phishing hack is full of red flags for those who know what to look for in an email phishing scam:

Users followed email links to begin with.

  • Any time an email asks you to verify account information, stop and think. Instead of following links, go directly to the source yourself, in this case Instagram and your account settings or profile information. You’ll be able to find out if Instagram is really asking users to verify their accounts, and also if copyright infringement is the reason. A little work on your part to verify an email can save you from a lot of heartache.

The email asks you to follow a link to verify your account information and uses a threat.

  • The subject matter used a threat. Hackers know that scare tactics work and they’re not afraid to use them.
  • The email tells users to follow a link in the email to verify their account. Fake links are a hacker favorite.
  • Hover your cursor over the link to see if it’s taking you where it says it is. Check the URL very carefully for spelling tricks.
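
The sender and link checks above can also be automated by a mail filter or a triage script. The following is an added example, not part of the original article; the trusted domain list, the sample message and the link host `verify.example.test` are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"instagram.com"}   # assumption: domains the real service mails and links from
BRAND = "instagram"

# Constructed sample modelled on the email described in the article.
SAMPLE = """\
From: Instagram <mail@theinstagram.team>
Subject: Copyright infringement
Content-Type: text/html

<p>Your account will be deleted within 24 hours.</p>
<a href="http://verify.example.test/login">Verify Account</a>
"""

def trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class Links(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def red_flags(raw):
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not trusted(sender):   # brand name inside a foreign domain = lookalike
        flags.append("sender-lookalike" if BRAND in sender else "sender-untrusted")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target = urlsplit(href).hostname or ""
        shown = re.search(r"https?://[^\s<]+", text)   # URL displayed as link text
        if shown and urlsplit(shown.group(0)).hostname != target:
            flags.append("link-text-mismatch")   # what "hovering" would reveal
        if not trusted(target):
            flags.append("link-untrusted")
    return flags
```

Matching on the full domain or a dot-prefixed suffix is what keeps `theinstagram.team` from passing as `instagram.com`; a plain substring test on the brand name would accept it.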

More verification is needed for your account.

  • Pushing users to give up even more data ensured hackers received everything they needed to hijack an account. What they originally asked for was not quite enough for an account takeover, but they already had users caught in their web. Hackers always want to steal as much data as they can. One link is bad enough, but two is too much.

There are typos in the email.

  • Typos or incorrect use of the primary language are the first things to notice. In this case, these guidelines certainly apply to the threat the email uses.