New Instagram Phishing Scam Could Be On The Rise: Tips To Protect Your Account


Instagram phishing scam on the rise, these are some safety tips. The report explains how hackers impersonate Instagram and try to gain access to accounts

Written By Tanmay Patange | Mumbai | Updated On:

According to a recent Kaspersky report, a new phishing scam targeting popular Instagram accounts is on the rise. The report explains how hackers impersonate Instagram and try to gain access to accounts by providing users with fake emails.

First of all, hackers send a fake email to users saying that their account has received a copyright infringement notice. 

“Your account will be permanently deleted for copyright infringement,” claims a fake email sent from a fake Instagram support.

Surprisingly, it seems legitimate at first. But if you take a closer look at the sender's email address, you will notice domain name. Check out the screenshot below:

All these fake emails contain a link that points to a malicious, phishing page hosted on a third-party server. But we will come to that later.

It says you have just 24 hours to appeal and provides a “Review complaint” button. In some cases, it provides a "Verify account" button. If you click it, you will end up on a phishing page that offers users a link to “Appeal.” As for some more trickery, it offers a long list of language choices but that doesn't work since the page only remains in English.

It will then ask you to submit your username and password login credentials. To make the whole thing look even more legitimate, it will show a message "We will review your feedback" after you submit your credentials. Users will then be redirected to the official Instagram website.

READ | Instagram might be testing 'Watch Party' feature to let friends watch videos together

The moment you submit your Instagram login credentials, your account is compromised since the attacker already has your Instagram username and password credentials - the ones you entered already.

However, the Kaspersky report raises a very important question: How does an attacker know about the email address associated with a particular Instagram account? We have reached out to Instagram for a comment on this story.

Tips to safeguard your Instagram account

1. Pay attention to suspicious links

Always be careful about the links you open on your browser. If you find anything suspicious, don't click. The backbone of these phishing scams is a little bit of trickery to make users fall for such fraudulent schemes and malicious pages impersonating the real ones.

READ | Tired of text messages? Now you can speak with your friends over Instagram

2. Make use of official apps

Make sure you download or update Instagram through official channels (Google Play Store for Android and App Store for iOS).

3. Be careful about verification

Simply refrain from entering your account login credentials for authentication and verifications purposes on third-party apps and services.

By 2030, 40% Indian will not have access to drinking water