Phishers Lure Instagram Users With Fake Verification Forms

pcmag.com:

Phishers are using Instagram's coveted blue check mark to convince people to share their data.

An email security provider called Vade reports(Opens in a new window) that phishers have been sending Instagram users messages claiming they can be verified on the service if they fill out a form within 48 hours. This form asks users to share their names as well as the username, phone number, and email address that's associated with their account before prompting them for their passwords as well.

"The body text explains that the victim’s Instagram profile has been reviewed and deemed eligible for verification," Vade says. "The Instagram and Facebook logos at the header and footer of the email attempt to create an air of legitimacy, as does the use of the victim’s actual Instagram handle, showing the hackers researched their target before the attack."

Vade says the message appears to be sent from an email account called "ig-badges" and is accompanied by a subject line that simply reads "ig bluebadge info." The company also notes that the scammers make grammatical mistakes throughout the initial message as well as the malicious form itself—both of which are common indicators that something is phishy.

These warning signs are easy to overlook, however, especially when the scammers target Instagram users who would like to be verified and fear they'll lose their chance if they don't fill out the form within 48 hours. Even people who know how these attacks are typically carried out can find themselves(Opens in a new window) being reeled in by phishers if they're confronted with the appropriate lure.

"Many people prize the Instagram blue badge for the social status it conveys, which may cloud their judgement [sic] when presented with