Instagram phishing email campaign steals login credentials, backup codes! Know top 5 tips to stay safe

Instagram users are being targeted in a phishing email campaign where threat actors pose as Meta employees. Know all about this Instagram phishing email campaign and top 5 tips to stay safe.

By: HT TECH
| Updated on: Dec 22 2023, 15:57 IST
WARNING! SBI shows how to protect yourself against online fraud, phishing
Instagram
1/5 SBI says that you should be suspicious of any e-mail or text message containing urgent requests for personal or financial information as banks almost never use e-mails as a form of confirmation of identity and always verify a website’s address line with the address mentioned in the email. (HT_PRINT)
Instagram
2/5 Only contact the organization you want to connect with by using a telephone number from a credible source like bill or a phone book. Never give away any confidential personal or financial information on the phone to strangers or even family members or friends. (Pixabay)
Instagram
3/5 It is advised to regularly update your computer with anti-virus software, spyware filters, e-mail filters and firewall programs and use the latest version available of the web browser. (Pixabay)
image caption
4/5 NEVER keep your banking credentials the same as your other online accounts. Never save your login credentials on your browser as they can be easily misused. (Pixabay)
Instagram
5/5 Do not share any confidential information through suspicious emails, websites, social media networks, text messages or phone calls and regularly check your credit and debit card statements regularly to ensure all transactions done are legitimate. (Pixabay)
Instagram
icon View all Images
Stay safe from Instagram phishing email campaign. Know the top 5 tips to do so. (Unsplash)

With 2023 set to end, companies around the world are enjoying the Christmas period. However, malicious threat actors are taking advantage of this lapse in security measures.  Phishing scams, malware, and other forms of cyber-attacks are being discovered almost every day that target innocent people. Now, a new Instagram phishing email campaign is doing the rounds where threat actors are targeting the login credentials of users by posing as Meta employees in a bid to not only get access to their usernames and passwords but also their backup codes. Know how this new Instagram phishing email campaign takes place and how to stay safe - 5 tips.

Instagram phishing emails: How does it happen?

According to a report by Trustwave, an advanced version of the “Insta-Phish-A-Gram” campaign is now doing the rounds. In this phishing campaign, Instagram users receive an email from threat actors posing as Meta personnel. The email states that the user's account has “infringed copyrights”. Cybercriminals are targeting users and their accounts through phishing emails (copyright violation scams) designed to steal their credentials and take over their accounts. You may find the email legitimate at first glance, but clicking on any links contained within it could put you and your account at risk. The email contains an “appeal form” that needs to be filled out within 12 hours or else the account will be deleted. However, when the link is clicked upon, it takes the user to a website masquerading as a Meta central portal.

As soon as the person clicks on Continue, the information is sent to the spammers. It asks the user to enter specific information such as username, and password. It then asks the user if the two-factor authentication is enabled, which when clicked upon, asks for the backup code. This is where the entry point into the user's account is created. The fake Meta portal also asks for the user's phone number.

Also read
Looking for a smartphone? To check mobile finder click here.

For the unaware, the backup code on Instagram is generated when the user sets a 2-factor authentication. 

How stay safe against phishing emails

1. You are advised to never click on links embedded in the emails. Try going to the official website of the company to find the correct link.

2. Check for the authenticity and credibility of the email address from which you received the email.

3. Look for spelling errors and grammatical mistakes in emails as well as in web addresses.

4. Reach out to others and ask for help before taking any action based on the content mentioned in the email.

5. Set up two-factor authentication (2FA) for all of your online accounts. Also, keep a strong password for your accounts.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 22 Dec, 15:53 IST
NEXT ARTICLE BEGINS