With 2023 set to end, companies around the world are enjoying the Christmas period. However, malicious threat actors are taking advantage of this lapse in security measures. Phishing scams, malware, and other forms of cyber-attacks are being discovered almost every day that target innocent people. Now, a new Instagram phishing email campaign is doing the rounds where threat actors are targeting the login credentials of users by posing as Meta employees in a bid to not only get access to their usernames and passwords but also their backup codes. Know how this new Instagram phishing email campaign takes place and how to stay safe - 5 tips.
According to a report by Trustwave, an advanced version of the “Insta-Phish-A-Gram” campaign is now doing the rounds. In this phishing campaign, Instagram users receive an email from threat actors posing as Meta personnel. The email states that the user’s account has “infringed copyrights”. Cybercriminals are targeting users and their accounts through phishing emails (copyright violation scams) designed to steal their credentials and take over their accounts. You may find the email legitimate at first glance, but clicking on any links contained within it could put you and your account at risk. The email contains an “appeal form” that needs to be filled out within 12 hours or else the account will be deleted. However, when the link is clicked upon, it takes the user to a website masquerading as a Meta central portal.
As soon as the person clicks on Continue, the information is sent to the spammers. It asks the user to enter specific information such as username, and password. It then asks the user if the two-factor authentication is enabled, which when clicked upon, asks for the backup code. This is where the entry point into the user’s account is created. The fake Meta portal also asks for the user’s phone number.
For the unaware, the backup code on Instagram is generated when the user sets a 2-factor authentication.
1. You are advised to never click on links embedded in the emails. Try going to the official website of the company to find the correct link.
2. Check for the authenticity and credibility of the email address from which you received the email.
3. Look for spelling errors and grammatical mistakes in emails as well as in web addresses.
4. Reach out to others and ask for help before taking any action based on the content mentioned in the email.
5. Set up two-factor authentication (2FA) for all of your online accounts. Also, keep a strong password for your accounts.
Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.