Instagram users are being targeted by a new phishing scam that accuses them of copyright infringement in order to obtain their login details.
The attack begins with an email that claims a user’s account will be suspended in 24 hours for violating the platform’s “copyright laws,” screenshots from Naked Security show.
The message further states that users wishing to refute the claim can do so by clicking a “Copyright Objection Form” button embedded in the email. One of the first signs that something is amiss is the email’s numerous grammatical errors.
Clicking the button then sends the user to a fake Instagram page. The page’s URL ends not in “.com” but in “.cf,” another indicator that the email is a scam.
The page attempts to appear legitimate by using an SSL certificate as well, represented by a green padlock and “HTTPS” in the address bar.
If a user clicks through, they will then be asked to provide their date of birth, email, and Instagram password. Once your private data is obtained, the phishing page then redirects you Instagram’s real login page.
It’s yet another reminder to always read emails carefully and to inspect the URL of any links. Users should also enable two-factor authentication on all accounts when available to protect themselves if their password is actually stolen.
- Facebook’s new sign-up feature resembles a phishing attack
- New phishing attack uses Google Translate to trick users
- Netflix warns users to be cautious of new phishing scam
H/T Naked Security