Article Lead Image

Pxhere (Public Domain)

Watch out for this new Instagram copyright phishing scam

The attack asks users to log in to a fake page to dispute an alleged copyright violation.


Mikael Thalen


Posted on Sep 24, 2019   Updated on May 20, 2021, 3:01 am CDT

Instagram users are being targeted by a new phishing scam that accuses them of copyright infringement in order to obtain their login details.

The attack begins with an email that claims a user’s account will be suspended in 24 hours for violating the platform’s “copyright laws,” screenshots from Naked Security show.

The message further states that users wishing to refute the claim can do so by clicking a “Copyright Objection Form” button embedded in the email. One of the first signs that something is amiss is the email’s numerous grammatical errors.

Clicking the button then sends the user to a fake Instagram page. The page’s URL ends not in “.com” but in “.cf,” another indicator that the email is a scam.

The page attempts to appear legitimate by using an SSL certificate as well, represented by a green padlock and “HTTPS” in the address bar.

If a user clicks through, they will then be asked to provide their date of birth, email, and Instagram password. Once your private data is obtained, the phishing page then redirects you Instagram’s real login page.

It’s yet another reminder to always read emails carefully and to inspect the URL of any links. Users should also enable two-factor authentication on all accounts when available to protect themselves if their password is actually stolen.


H/T Naked Security

Share this article
*First Published: Sep 24, 2019, 2:54 pm CDT