With 2023 set to end, companies around the world are enjoying the Christmas period. However, malicious threat actors are taking advantage of this lapse in security measures. Phishing scams, malware, and other forms of cyber-attacks are being discovered almost every day that target innocent people. Now, a new Instagram phishing email campaign is doing the rounds where threat actors are targeting the login credentials of users by posing as Meta employees in a bid to not only get access to their usernames and passwords but also their backup codes. Know how this new Instagram phishing email campaign takes place and how to stay safe - 5 tips.
According to a report by Trustwave, an advanced version of the “Insta-Phish-A-Gram” campaign is now doing the rounds. In this phishing campaign, Instagram users receive an email from threat actors posing as Meta personnel. The email states that the user's account has “infringed copyrights”. Cybercriminals are targeting users and their accounts through phishing emails (copyright violation scams) designed to steal their credentials and take over their accounts. You may find the email legitimate at first glance, but clicking on any links contained within it could put you and your account at risk. The email contains an “appeal form” that needs to be filled out within 12 hours or else the account will be deleted. However, when the link is clicked upon, it takes the user to a website masquerading as a Meta central portal.
As soon as the person clicks on Continue, the information is sent to the spammers. It asks the user to enter specific information such as username, and password. It then asks the user if the two-factor authentication is enabled, which when clicked upon, asks for the backup
Read more on tech.hindustantimes.com