Hasty actions are bad, especially when it comes to the World Wide Web. In recent years, phishing attacks that rely on urgency (Instant action) have become pretty common among cybercriminals. Instagram is not new to the phishing scene, and unfortunately, it’s in it again.
Vanity and the urge to become verified can be disastrous, and threat actors are well aware of that. This time around, a phishing campaign is targeting Instagram users by promising to reward them with a verification badge.
Who doesn’t want that, right? Well, carelessness and enthusiasm can get Instagram users in trouble, and it did. What is this about? How is it implemented? Here’s everything you need to know.
A Smart Phishing Lure – Get Your Blue Tick Now!
Instagram users had it rough this year. The social media platform witnessed all kinds of attacks ranging from banking trojans to phishing practices.
A while ago, Instagram, along with Netflix and Twitter, suffered a MasterFred attack. The attackers embedded the malware within fake Android apps that resembled those of the platforms.
Now, they’re preying on the users’ “vanity” factor by promising to award them with a “Verified” badge next to their profile on Instagram.
To clear things out, Instagram awards these blue badges to the accounts it finds to be authentic, representing a public figure, celebrity, or brand.
If any normal individual receives this privilege, they’ll jump right in for such an opportunity. That’s exactly what the attackers are hoping for, as it all begins with an email.
As seen in the image above, the email clearly shows the approach. The attackers promise the victims to provide them with a blue badge. Not only that, but to add some sense of urgency, the message includes a notice stating that this offer will expire within 48 hours.
Now, the users get too eager to get their accounts verified and directly click on the link provided in the email. Once they do so, they’ll be redirected to a fake page that perfectly resembles the actual platform’s, adding more legitimacy to the trap:
Here’s where everything goes South. The users are prompted to submit their name, email address, as well as their phone number.
Once they click on the “Continue” button, the page asks them to enter their password as a form of verification that they’re the ones who own the account.
Finally, when they go through these steps, a message pops up informing them that the account has been verified and the Instagram team will be reaching out to them within 48 hours.
Do you know what this means? Once this message pops up, it means that the attackers now have all the information to take over your account.
An Instagram Verified Tick – You’ve Been Phished
Campaigns targeting social media users with phishing emails are getting more popular with time. Unfortunately, they don’t just target Instagram users; other social media platforms are included.
Now, here’s where security knowledge comes in handy. To protect yourself against future attacks, make sure that you regularly change your passwords.
Not only that but also choose ones that are not easy to guess. Moreover, enabling 2FA is a perfect way to protect your account. And finally, never click on a link in an email without confirming the source.
Instagram would never contact you to verify your account. If you want that, you’re going to have to fill in a request, so this campaign has “Fake” all over it.
