Security researchers at Sophos have uncovered a new phishing scam targeted at Instagram users. The attackers are sending emails to users with the claim that there has been an unauthorized login attempt. This email looks identical to official Instagram emails and uses a fake two-factor authentication code, which lulls the user into a false sense of security.
When a user clicks on the link provided, they are redirected to a page that looks like the Instagram sign up page. However, the giveaway here is that the page is hosted on a .cf domain—the attackers have even taken the extra care to use a valid HTTPS certificate, giving the impression that the page is secure. Once the users end up on this page, they unsuspectingly enter their Instagram credentials.
Unsurprisingly, this is not the first phishing or hacking attempt targeting Instagram users. When receiving such emails, users don't really pay attention to the small details that could betray the malicious intent of the email, such as punctuation errors, spacing, and grammatical issues. If anything odd catches the eye, it's wise not to access the link or enter account details if prompted.
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
You will receive weekly cybersecurity news soon!
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.