Search This Blog

Showing posts with label Sensitive data. Show all posts

Instagram Users Fall Victim To yet another Phishing Campaign



Instagram user's become victims of a new phishing campaign that utilizes login attempt warnings combined with what resembles the two-factor authentication (2FA) codes to trick potential victims into surrendering over their sensitive data by means of fake sites.

It is believed that they use the 2FA to make the scam increasingly 'believable' and  alongside this they resort to phishing with the assistance of a wide scope of social engineering techniques, just as messages intended to seem as though they're sent by somebody they know or an authentic association.

Here, particularly the attackers utilize fake Instagram login alerts stating that somebody tried to sign in to the target's account, and thusly requesting that they affirm their identity by means of a sign-in page linked within the message.

In order to abstain from raising any suspicions these messages are intended to look as close as conceivable to what official messages might appear coming from Instagram.

Once on the target is redirected to the phisher's landing page, they see a perfectly cloned Instagram login page verified with a legitimate HTTPS certificate and displaying a green padlock to ease any questions regarding whether it's the genuine one or not.


To avoid from falling for an Instagram phishing trick like this one, the users are prescribed to never enter their sign-in certifications if the page requesting that they sign in does not belong to the instagram.com site.

Anyway in the event that the user has had their Instagram credentials stolen in such an attack or had their account hacked but in some way or another can still access it, at that point they should initially check if their right email address and phone number are still associated with the account.

Following this they it is advised that they change the account's password by adhering to specific guidelines given by Instagram.

Be that as it may, assuming unfortunately, that the user has lost access to their account after it being hacked, they can utilize these guidelines or instructions to report the incident to Instagram's security, which will then accordingly re-establish it subsequent to confirming the user's identity through a picture or the email address or phone number you signed up with and the type of device you used at the time of sign up."