Heads up, Instagram users! Hackers are targeting you once again. A new phishing scheme is actively targeting Instagram users with the aim of hacking their profiles.
Instagram Phishing For Hacking Profiles
Researchers from Trend Micro have uncovered a new phishing attack active in the wild. This time, the phishing scheme aims at hacking Instagram profiles.
As elaborated in their blog post, the overall strategy is similar to that of typical phishing campaigns. The attack begins by tricking users into clicking on malicious links embedded in messages whose sender impersonates Instagram’s team.
In this scheme, however, the attackers do not use email to send the phishing messages. Instead, they send them as Direct Messages to users on the Instagram platform itself, with the sender mimicking Instagram’s Help Center.
The message creates a sense of panic and urgency to confuse the victims as it tells them to verify their accounts following a reported copyright violation.
Clicking on the embedded link redirects the victim to a web page that asks them to enter their username.
Once that is done, another web page appears and asks for even more details, ostensibly for account verification. These include the user’s actual email credentials in addition to the Instagram account login.
After entering all the details, the victim is redirected to the legitimate Instagram login page. If the victim was already logged in, they land on the home page instead. In this way, the attackers keep the attack concealed.
At this point, the attacker has obtained all the details from the victim, including the email credentials. They could therefore go on to take over not only the Instagram account but the victim’s email account as well.
What they intend to do, however, is grab the Instagram account only. To that end, they unlink the victim’s cell number from the Instagram account and change the email address.
Attack Active In The Wild
According to the researchers, the new phishing campaign is active in the wild. They could link the scheme back to Turkish hacking groups that previously conducted similar campaigns via email.
Thus, all Instagram users must be very careful with DMs as well as emails. They should refrain from clicking on any links embedded in such messages. Moreover, they can contact the support team to confirm the legitimacy of any message relating to or asking for account details.