An Instagram phishing campaign bypassed MS email security

December 1, 2022

A recently discovered Instagram phishing campaign has compromised over 20,000 students of academic institutions. A security researcher found the attack and explained how the new threat works earlier this month.

Based on reports, the subject line of the phishing email urges its targets to open the message. Its objective is to lure the students into opening the email immediately upon receiving it. The actors crafted the email to instil a sense of urgency in the students.

Moreover, the messages seemed to come from Instagram support, with a sender name, email address, and Instagram account that appeared to match Instagram’s real credentials.

The specially crafted email attack was socially engineered and contained details exclusive to the recipient. The actors utilise this method to increase the legitimacy of the phishing email.

Once a target clicks the link in the email, they are redirected to a landing page that includes Instagram branding and information about the unusual login. In addition, the page has a “This Wasn’t Me” button so as not to raise any suspicion from the recipient.

Subsequently, if the victim clicks the button on the page, they are redirected again to another landing page created by the actors to harvest user credentials. An expert said that the actors used a valid domain as the origin for the phishing emails, which raised concerns regarding the sophistication of security defences.

The Instagram phishing campaign used a seemingly convincing domain, which bypassed security solutions.

The researchers said the email used for the Instagram phishing campaign came from a legitimate-looking domain, ‘instagramsupport[.]net’. However, this domain should be considered suspicious since the social media platform uses “instagram[.]com”.
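The domain mismatch described above can be checked mechanically on the From header. The following is an added example, not code from the researchers or from any mail product; the allowlist assumes the only official domain is the one the article names, and the function names, category labels and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the only official sending domain is the one the article names.
OFFICIAL_DOMAINS = {"instagram": {"instagram.com"}}


def sender_parts(from_header: str) -> tuple[str, str]:
    """Return (display name, domain) in lower case; refangs '[.]' first."""
    name, addr = parseaddr(from_header.replace("[.]", "."))
    domain = addr.rpartition("@")[2] if "@" in addr else ""
    return name.lower(), domain.lower().rstrip(".")


def is_official(domain: str, allowed: set[str]) -> bool:
    """Exact match or a true subdomain; a bare suffix match is not enough."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def classify_sender(from_header: str) -> str:
    """Label a From header relative to the brands in OFFICIAL_DOMAINS."""
    name, domain = sender_parts(from_header)
    if not domain:
        return "unparseable"
    for brand, allowed in OFFICIAL_DOMAINS.items():
        if is_official(domain, allowed):
            return "official"
        if brand in domain:
            # Brand string embedded in a domain the brand does not own.
            return "lookalike-domain"
        if brand in name:
            # Brand appears only in the display name shown to the user.
            return "display-name-only"
    return "unrelated"


# Constructed sample headers (only the defanged domain comes from the article).
SAMPLES = [
    "Instagram Support <no-reply@instagramsupport[.]net>",
    "Instagram <security@mail.instagram.com>",
    "Instagram <alerts@instagram.com.login-check.example>",
    "Instagram Support <helpdesk@mailer.example>",
    "Campus IT <it@university.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):18} {header}")
```

The check looks only at the visible sender, so it complements rather than replaces whatever authentication and reputation checks the mail gateway already applies.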

Several cybersecurity experts stated that not all users are aware of these threats despite using the platform regularly. Hence, security experts should disseminate more advisories to all users.

The current abundance of high-tech machinery should be matched by users who properly understand its pros and cons. Users should therefore consider the importance of learning how to identify threats and social engineering campaigns.
