THINK BEFORE YOU CLICK


AS ALWAYS THINK BEFORE YOU CLICK

Wednesday, March 20, 2019

Phishing Campaign Targets Instagram Users



A new phishing campaign targeting Instagram users is using fake copyright infringement notices to steal user credentials.

Detailed by security researchers at Kaspersky Lab Friday, the campaign sees Instagram users targeted with an email that pretends to be from Instagram.

The emails, usually sent from an official-looking domain such as theinstagram.team, read “we regret to inform you that your account will be suspending because you have violated the copyright laws. Your account will be deleted within 24 hours. If you think we make a mistake please verify, to secure your account.”

Users are then prompted to click on a button labeled “verify account.” If users click on the button, they’re prompted to input their Instagram credentials. The attack then delivers a second phishing blow: users are presented with another message, “we need to verify your feedback and check if your e-mail account matches the Instagram account.”

Should users then click on “Verify My E-mail Address,” they’re offered a list of email service providers. After selecting their provider, they’re then asked to submit both their email address and their password for the email account. Worse, if the email account is Gmail, the victims are also handing over access to their entire Google account as well.

“As soon as your data goes to the scammers, they can take over your Instagram profile and modify the information you need to recover it,” the researchers explained. “From there, they can start demanding ransom to give the account back to you, or start spreading spam and all kinds of malicious content using your hijacked account.”

Users are advised to take simple precautions to avoid being scammed in cases such as this phishing scheme. That includes not clicking on suspicious links, always checking the address bar for the URL of the web page and, probably best of all, only using the official Instagram app when interacting with the service.

Monday, March 18, 2019

Fake Login Pages

Attackers are getting better at making their phishing attacks more believable. Users can’t rely on the URL (website) domain alone when judging web links received via email.

If you click a link and are greeted by a login prompt, review how you got to the page. If there is any suspicion, don’t enter private information; instead, confirm the link with the person who sent you there, by calling that person or the company directly.

Working through these steps may take a few more moments, but it will save you in the long run when a malicious link does get sent to you or your company.
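The advice above (check the address bar, don't trust a domain just because it looks right) comes down to reading the registrable domain, the label immediately left of the public suffix, rather than looking for a familiar brand name anywhere in the hostname. The following script is an added example and not code from the blog; it takes a link, extracts the hostname (dropping any user@ prefix and port), reduces it to its registrable domain and compares that against a small trusted list. The trusted list and the abbreviated public-suffix set are assumptions for the example; only the theinstagram.team domain comes from the post, and the other look-alike hostnames are constructed for illustration.

```python
"""Classify a link that claims to come from a brand as trusted, look-alike or unknown.

Added example, not part of the original post. Shows why "instagram" appearing in a
hostname (theinstagram.team, instagram.com.<something-else>) is not the same as the
registrable domain being instagram.com.
"""
from typing import Optional
from urllib.parse import urlparse

# Simplified stand-in for the Public Suffix List: only suffixes made of more than
# one label need special handling.  Real tooling should use the full list (for
# instance via the tldextract package); this subset is an assumption for the example.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}

# Registrable domains the reader actually trusts (assumption for the example).
TRUSTED_DOMAINS = {"instagram.com", "google.com"}


def hostname_of(url: str) -> Optional[str]:
    """Return the lower-cased hostname of a URL without userinfo or port.

    urlparse().hostname already strips 'user:pass@' and ':443', so a link such as
    https://instagram.com@login-check.example/ resolves to 'login-check.example'
    (a constructed host used only for illustration).
    """
    host = urlparse(url.strip()).hostname
    if not host:
        return None
    return host.rstrip(".")  # tolerate a trailing dot (absolute FQDN)


def registrable_domain(host: str) -> str:
    """Reduce a hostname to 'label.suffix', e.g. login.instagram.com -> instagram.com."""
    labels = host.lower().split(".")
    if len(labels) < 2:
        return host.lower()
    # The public suffix is two labels when the last two form a known multi-label
    # suffix (co.uk), otherwise one label (com, team, example).
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return host.lower()
    return ".".join(labels[-(suffix_len + 1):])


def classify_link(url: str, brand: str = "instagram") -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link claiming to be from `brand`.

    'lookalike' means the brand name appears in the hostname but the registrable
    domain is not one we trust, which is exactly the theinstagram.team pattern
    described in the post.  Only 'trusted' should ever receive credentials.
    """
    host = hostname_of(url)
    if host is None:  # no scheme, bare path, or unparsable link
        return "unknown"
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if brand in host:
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; only theinstagram.team comes from the post.
    for link in (
        "https://www.instagram.com/accounts/login/",
        "https://theinstagram.team/verify",
        "https://instagram.com.login-check.example/verify",
        "https://instagram.com@login-check.example/verify",
        "https://login-check.example/",
    ):
        print(f"{classify_link(link):9s}  {link}")
```

The user@host form in the fourth sample is worth noticing: the text before the @ is userinfo, not the site, so the browser ends up at the host after the @. Because the script classifies on the real hostname, that link is simply "unknown" rather than trusted, which is the outcome the advice above is aiming for.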

Sample Login Page that looks real



Phishing Attack Warns About Boeing 737 Max Crashes

Large airline crashes tend to focus almost everyone's attention. Lowlife internet criminals exploit the fear connected to these incidents and leverage it in phishing attacks.

These emails pretend to be from a private intelligence analyst who found a leaked document on the dark web. The document supposedly contains information about other airline companies that will be affected by similar crashes soon, and, in broken English, the email urges recipients to "kindly notify your loved ones about the informations on these file".

"Airplane Crash Scam Warning. Be on the lookout for emails in your inbox from "analysts" about the recent Boeing 737 Max airplane crashes, asking you to notify your loved ones about possible other airlines "that will go down soon". These emails come with infected attachments that might make it through the filters, either at the office or at your house. Remember to always be alert about email with unknown attachments, and never open an attachment unless you are expecting it from the sender and have confirmed that they have actually sent it to you."

Sample Email