perm_phone_msgConsider your business risks? Chat With US

New Instagram Phishing Scheme Aims At Hacking Profiles

Ransomware BCyber todaySeptember 19, 2020 92

share close

Heads up Instagram users! The hackers are targeting you once again. A new phishing scheme is actively targeting Instagram users for hacking users’ profiles.

Instagram Phishing For Hacking Profiles

Researchers from Trend Micro have uncovered a new phishing attack active in the wild. This time, the phishing scheme aims at hacking Instagram profiles.

As elaborated in their blog post, the overall phishing strategy is pretty similar to the general phishing campaigns. The attack begins by tricking users into clicking on malicious links embedded in messages impersonating Instagram’s team as senders.

In this scheme, however, the difference lies in that the attackers do not use emails for sending the phishing messages. Rather they directly send these messages as Direct Message to the users on the Instagram platform. Whereas, the sender mimics Instagram’s Help Center.

The message creates a sense of panic and urgency to confuse the victims as it tells them to verify their accounts following a reported copyright violation.

Source: Trend Micro

Clicking on the embedded link then redirects the victim to a web page asking to enter the username.

Source: Trend Micro

Once done, another web page appears that asks for even more details, apparently, for account verification. This even includes the users’ actual email credentials in addition to the Instagram account login.

Source: Trend Micro

After entering all the details, the victim will be redirected to the legit Instagram login page. Though, if the victim was already logged in, the victim would then land on the home page. In this, the attackers manage to keep the attack veiled.

Now, the attacker has obtained all the details from the victim, including email credentials. Hence, they can continue taking over not only Instagram but the victim’s email account as well.

Though, what they intend to do is to grab the Instagram account only. Hence, they unlink the victim’s cell number from the Instagram account and change the email address.

Attack Active In The Wild

According to the researchers, the new phishing campaign is active in the wild. They could link bank the scheme with Turkish hacking groups that also previously conducted similar campaigns via emails.

Thus, all Instagram users must remain very careful for the DMs as well as emails. They should refrain from clicking on any links embedded in such messages. Moreover, they can contact the support team to confirm the legitimacy of any messages relating to or asking for account details.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Latest posts by Abeerah Hashim (see all)

This content was originally published here.

Written by: BCyber

Rate it
Previous post

Similar posts

Ransomware BCyber / October 19, 2020

Ad-light, Malware-heavy # Chris Dzombak

Ad-light, Malware-heavy Since December 17, Forbes has been running an experiment wherein some fraction of visitors who are running ad blockers are blocked from accessing Forbes articles until they disable their ad blocker. In exchange, Forbes promises an “ad-light experience”: A Forbes article published yesterday claims that this interstitial resulted in 42.4% of visitors turning ...

Read more trending_flat