Beware! A new phishing scam targeting Instagram users
Instagram is one of the most popular social networking applications, and most of us use it to share pictures and videos with friends and family. But have you ever considered that your Instagram account could be hacked, no matter how good your password is?
Security researchers have detected a new phishing scam that targets Instagram users. The scam uses a simple social engineering technique: a failed-login-attempt alert coupled with a code that gives the feel of a two-factor authentication (2FA) code.
How does it work?
According to Paul Ducklin from Sophos, scammers use phishing emails to send fake Instagram login alerts. The alerts state that someone has attempted to log in to the target’s account. Targeted users are then asked to confirm their identity by clicking on a link in the message.
To make it look real, the message includes a fake 2FA code that the victim is supposed to use when they log in to the fake Instagram page. When the targeted user clicks on the sign-in link, the actual phishing website opens. This web page looks exactly like the Instagram sign-in screen.
Even the browser does not raise an alarm when the phishing page is opened. The page is served with a valid HTTPS certificate and displays a green padlock, which suggests to the user that the site is safe, although the padlock only shows that the connection is encrypted, not who runs the site. The giveaway is the domain name: it is not Instagram’s own domain but a fake one ending in “.cf”, which is enough to prove that the page is fake.
So, if the user does not notice the fake Instagram URL, he or she is likely to fall for this phishing attack. Therefore, one should not trust every email that arrives in the mailbox, especially when it contains URLs or attachments.
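The hostname check described above, written as a small link checker for a mail filter or triage script. This is an added example, not code from Sophos or Instagram; the sample message, the `placeholder-domain.cf` hostnames and the function names are constructed for illustration, and it assumes only `instagram.com` and its subdomains are genuine.

```python
import re
from urllib.parse import urlsplit

# Assumption: only instagram.com and its subdomains count as genuine.
TRUSTED_DOMAIN = "instagram.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message; the .cf hostnames are placeholders.
SAMPLE_EMAIL = """\
Someone tried to log in to your Instagram account.
Use this code to confirm your identity: 000000
Sign in: https://instagram.placeholder-domain.cf/accounts/login
Help: https://help.instagram.com/
Alt: https://instagram.com@placeholder-domain.cf/login
"""

def is_trusted_host(host):
    """True only for the trusted domain itself or a subdomain of it."""
    host = (host or "").rstrip(".").lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def check_links(message_text):
    """Return (url, host, verdict) for every http(s) link in the text."""
    results = []
    for raw in URL_RE.findall(message_text):
        url = raw.rstrip(".,;)")  # drop trailing sentence punctuation
        try:
            parts = urlsplit(url)
            host = parts.hostname  # ignores any "user@" prefix and port
        except ValueError:  # malformed authority, e.g. broken IPv6 literal
            results.append((url, None, "suspicious"))
            continue
        if not is_trusted_host(host):
            verdict = "suspicious"  # a valid certificate does not change this
        elif parts.scheme.lower() != "https":
            verdict = "trusted host, not https"
        else:
            verdict = "ok"
        results.append((url, host, verdict))
    return results

if __name__ == "__main__":
    for url, host, verdict in check_links(SAMPLE_EMAIL):
        print(f"{verdict:<24} {str(host):<36} {url}")
```

The verdict depends only on the hostname the browser would actually connect to, so a look-alike name that merely contains "instagram", or that places `instagram.com` before an `@`, is still flagged.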