Have you received a threatening letter regarding use of an image on Instagram? It could be a scam.
Cons are turning to fake copyright infringement warnings to dupe people into giving out their Instagram credentials, Naked Security reports. The fraudulent warnings arrive in emails that appear to come from Instagram and warn recipients that their accounts will be suspended if they don’t file an objection within twenty-four hours. If a victim clicks on the link to file the objection, they’ll be taken to a phishing page that imitates Instagram’s appearance.
After a person enters their username and password to theoretically file an appeal, they’ll view a loading page followed by a green checkmark and a message telling them their appeal has been filed. Thenthe site will redirect them to Instagram’s real login page.
Once the scammers have gained access to an Instagram account, they can use it for information gathering, monetization, or spreading additional phishing schemes to the account’s contacts.
Naked Security states that the phishing site in this scam has a long URL beginning with “instagram[.]copyrightinfringementappeal.” The use of two subdomains makes it difficult for users to see that the primary domain is fraudulent. Mobile devices are particularly susceptible to this technique, since they have less screen space to show the URL.
But there are some red flags. Naked Security noted that the email and website both contained obvious typos and grammatical errors. Second, the email was sent from a Turkish hosting company and the phishing site was hosted on a “[.]cf” domain, which is the country code for the Central African Republic. Last, a Google search could have revealed that Instagram’s copyright appeals process doesn’t actually work like this.
Unfortunately, it’s easy to fall for this for this type of scam. DarkHound SecOps recommends security awareness training to help your employees recognize the red flags of social engineering before they send their password to an attacker.
Source: https://nakedsecurity.sophos.com/2019/09/24/instagram-phish-poses-as-copyright-infringement-warning-dont-click/
Image Source: https://www.pexels.com/photo/close-up-of-smart-phone-248533/