A new phishing campaign on Instagram by Crook looks as real as possible, and it is one of the trickiest attacks you will ever see. With Facebook continuously in the news for its security issues, Instagram might also be on the verge of being hit by criticism.
The phishing attack baits the user with copyright infringement alerts that create a sense of urgency to enter their credentials in order to save their account from suspension. The urgency attached to the e-mail pushes the user to give away their credentials, which then fall into the wrong hands.
The e-mail will ask the user to enter their information within 24 hours to save their social media accounts from being locked away.
You cannot easily distinguish this phishing e-mail from a real e-mail sent by Instagram, as the resemblance is uncanny. The design of the e-mail easily avoids suspicion among users, leading them to click the “Copyright Objection Form” link, which leads to the phishing landing page.
According to Sophos, the phishing landing page will also ask for age confirmation, making it appear more legitimate than ever. Once the username and password are entered in the form, the data is sent to the attacker-controlled storage server. Another detail meant to avoid suspicion is the message the user receives after submitting the form, telling them to wait 24 hours for Instagram to respond.
Those 24 hours are enough to cause the damage! You will also be redirected to Instagram’s login page to dispel any suspicion that you might have been attacked.
One thing that can raise suspicion among users is the interstitial stating that the accounts will get suspended within 24 hours. The attackers have used valid HTTPS security certificates and an Instagram domain to further drive users to believe them.
This is not the first time that phishing attacks have been witnessed on a Facebook-owned platform; in fact, this is one of the many phishing attacks that Instagram witnesses every month. To save yourself from losing your account or information, make sure the correct e-mail address and phone number are attached to your account so that account recovery is easier in such instances.
Another option is to change the password immediately once you have been through any of these phishing attacks. Not only will it log you out of all other devices, but it will also make your account more secure. And finally, make sure that extra security layers such as two-factor authentication are also active on your account.
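The lure described above relies on a valid HTTPS certificate and a familiar-looking domain, so a link check has to compare the actual hostname instead of trusting the padlock or the word "instagram" in the URL. The following Python triage check is an added example, not code from Sophos or the original article; the trusted-domain list, the cue list and the sample e-mail (including its `.example` host) are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = ("instagram.com",)  # assumption: hosts treated as genuine
URGENCY_CUES = ("24 hours", "copyright", "suspended", "suspension")  # from the lure

# Constructed sample e-mail body; the first link uses a reserved .example host.
SAMPLE = """<p>Your account will be suspended within 24 hours for copyright infringement.</p>
<a href="https://instagram.com.copyright-form.example/login">Copyright Objection Form</a>
<a href="https://help.instagram.com/">Help Center</a>"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from anchor tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_trusted_host(host):
    # Exact match or true subdomain only; "instagram.com.<other>" must fail.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body).lower()
    cues = [c for c in URGENCY_CUES if c in text]
    # The https scheme is deliberately ignored: a valid certificate says
    # nothing about who owns the host.
    bad = [(href, label) for href, label in parser.links
           if urlsplit(href).scheme in ("http", "https")
           and not is_trusted_host(urlsplit(href).hostname)]
    return {"urgency_cues": cues, "untrusted_links": bad,
            "suspicious": bool(cues and bad)}
```
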