Security Experts Raise The Alarm Against New Phishing Email Scam Targeting Instagram Users

A new security alarm has been raised over the latest strain of phishing scams.

This time around, attackers are targeting Instagram users by deceiving them into revealing their usernames, passwords, phone numbers, and more, including the backup codes that are used to get past safeguards such as two-factor authentication.

The app’s 2FA has long been praised as a strong protective barrier against anyone trying to break into the app’s accounts, since you need to prove your identity through a second kind of verification in addition to your password.

You can think of it as a one-time PIN, or OTP, that can be delivered by text message or by email to your inbox. The code can also be produced by an authenticator or sent through the likes of WhatsApp.

When you configure 2FA, the platform also issues backup codes for your account. These five 8-digit codes are used when logging in from an unrecognized device or when you cannot verify through the standard 2FA method, for example if you have lost your device. But remember, each code can be used only once.

Such static codes shimmer like gold for anyone making a malicious attempt to hack into users’ accounts. With a stolen code and the account’s sensitive credentials, they can simply log in from an unrecognized device and so satisfy the two-factor authentication check. But how can one attacker get hold of so much? The answer is simple: they’re carrying out phishing attacks.

The news comes to us thanks to the latest report by cybersecurity firm Trustwave. They describe how the latest phishing campaign uses emails disguised to look as though they come from Meta.



The email claims that the account might be infringing copyright. It then creates a sense of urgency with messages saying that an appeal must be submitted within 12 hours. If that deadline is not met, the account will supposedly be deleted permanently.

When the user clicks the link to get the Appeal Form, they’re redirected to a phishing page that poses as Meta’s real portal for violation appeals. It is hosted on Bio Sites, a quick landing-page app by Squarespace. This hosting, with assistance from Google, helps the campaign evade spam detection and other kinds of link tracking.

The problem gets worse if the user clicks the Confirm My Account option, because they’re then directed to further bogus pages that pose as Meta. As you can see, the scheme is a very meticulously planned one.

Email can be called the most important and most common vector for cybercrime today, as it gives rise to phishing attempts galore. This is why experts feel the best way to stay safe is to avoid such emails to begin with.

So how can you tell that an email like this is suspicious?

The answer is simple and can be found in the header of the email: the sender is not linked to Meta, and the message contains no legitimate URLs for getting Google alerts.
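The header check described above can be scripted for mailbox triage. This is an added example, not code from Trustwave or the original article; the trusted-domain allowlist, the finding labels, and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the reader accepts as genuine Meta/Instagram senders and link targets.
TRUSTED = {"instagram.com", "facebookmail.com", "meta.com"}

# Constructed sample modelled on the lure described above (not a real captured email).
SAMPLE = """\
From: Meta Support <notice@appeals-example.test>
To: user@example.com
Subject: Copyright infringement notice

Your account infringes copyright. Submit an appeal within 12 hours
or it will be deleted permanently.
Appeal Form: https://landing.example.test/appeal
"""

def trusted(host):
    """True only for an allowlisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return a list of findings for one plain-text (non-multipart) message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if not trusted(domain):
        findings.append(f"sender-domain:{domain}")
        # The display name claims the brand while the address does not belong to it.
        if re.search(r"\b(meta|instagram)\b", display, re.I):
            findings.append("display-name-claims-meta")
    body = msg.get_payload()
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not trusted(host):
            findings.append(f"untrusted-link:{host}")
    # Short deadlines such as "within 12 hours" are the urgency cue described above.
    if re.search(r"within\s+\d+\s+hours", body, re.I):
        findings.append("urgency-deadline")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty result is not proof of legitimacy, because the From header can be forged; check the SPF, DKIM and DMARC results recorded by the receiving mail server as well.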

How to stay vigilant? Experts feel the best way is never to share passwords or any kind of backup code outside of Instagram.

If you feel your account has perhaps been compromised, change your credentials quickly, for example with a swift password change.
