Instagram copyright scam: Security researcher warns about messages with malicious links

Instagram is one of the most popular social media platforms. Hundreds of millions of users access the platform daily. However, since the platform attracts soo many users, it also attracts bad actors. Most recently, cybercriminals have come up with a new method for threatening users. A cyber security researcher has recently warned Instagram users about a new phishing scam that tricks users into clicking malicious links by sending them a fake copyright notice. 

Users are always sharing content on Instagram. And while some of the content they share is original (as it has been created and published by the user), other content such as videos, reels, photos and memes might not belong to a user who is sharing them. In most cases, there is no copyright infringement as such content is meant for sharing on the platform. However, in some cases, users might end up getting a copyright infringement notice. It is a serious deal as multiple copyright strikes can get an Instagram account terminated. It is this fear that the fraudsters are using to trick users into revealing valuable personal information. 

How does the new Instagram copyright violation scam work?

As mentioned earlier, cyber security researcher Paul Ducklin has recently informed users about a new technique that is being used by fraudsters. In an attempt to extract victims' personal information, cybercriminals are sending fake copyright infringement notices to a large number of users on their Instagram ID. The message also contains a link where users are supposed to click if they wish to prove innocence and challenge the infringement.

As shared by the cyber security firm called Sophos, the message that users might receive is "hello, we recently received a complaint about a post on your Instagram. Your post has been reported as infringing copyright. Your account will be removed if no objection is made to the copyrighted work. If you think this determination is incorrect, please fill out the objection form from the link below." To stay away from cybercrime like this, users shall avoid clicking links that are attached to suspicious emails. 

Thereafter, when users click on the link that is given to appeal to the copyright infringement, a malicious website opens and asks the users to log in to their Instagram ID by entering their login ID and password. However, as the users enter their passwords, the link tells them that the user ID and password entered is wrong. After two to three attempts, the users get a message that their appeal was submitted successfully. This is nothing but a trick that is being used by fraudsters to extract users' ID and password which gives them access to their Instagram account. 

Image: UNSPLASH