Instagram influencers and creators often have their email ID attached to their profiles, making them more susceptible to getting scam emails highlighting copyright infringement.
Cyber criminals have found a new, sophisticated way to target Instagram users through an email phishing scam.
According to Paul Ducklin, a cyber security researcher at Sophos, cyber criminals are using fake copyright infringement notices as bait for Instagram users.
Phishing is a technique scammers use to trick potential victims into revealing sensitive information through fraudulent messages and dubious login pages. The scammers extract sensitive information such as email, date of birth, location and phone number through malicious links and gain full access to the victims’ accounts.
How does this scam work?
Hackers send fake copyright notices through email and ask the victim to “prove innocence”, providing a link through which to object to the copyright “complaint”.
Sophos has found that Instagram users are receiving a message on their account that reads, "Hello, … We recently received a complaint about a post on your Instagram. Your post has been reported as infringing copyright. Your account will be removed if no objection is made to the copyrighted work. If you think this determination is incorrect, please fill out the objection form from the link below."
At the bottom of the phishing email, there’s an “appeal” button that leads users to a new page.
Ducklin explains that the “appeal” uses a shortened link, but whether one checks the destination of the link in advance or clicks through anyway, the resulting website doesn’t look as bogus as most people may expect. The malicious website then asks for the email address and Instagram password. It then pretends that the user made an error typing in their password and tells them to try again.
“It is presumably a simple way for the crooks to discard login attempts where a user clearly just bashed out any old garbage on the keyboard to see what happened next,” Ducklin said.
"Then there’s a message that tells you that your appeal was submitted successfully."
Ultimately, users are tricked into providing their password, which compromises their Instagram account completely.
"While we hope that you'd spot an email scam of this sort right away, we have to admit that some of the copyright phishes we’ve received in recent weeks are much more believable – and better spelled, and more grammatical – than many of the examples we’ve written about before," Ducklin concluded.
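A mail-filter style check for the lure described above, as an added example that is not from Sophos or the original article: it flags a message that combines phrases from the quoted notice with an "appeal" link that is shortened or leaves Instagram. The official-domain list, the shortener list and the sample email are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only host treated as a genuine Instagram destination.
OFFICIAL = ("instagram.com",)
# Illustrative shortener list; "sho.rt.example" is a constructed host for the sample.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "sho.rt.example"}
# Phrases taken from the notice quoted in the article.
LURES = ("infringing copyright", "account will be removed", "objection form")


class LinkCollector(HTMLParser):
    """Collects anchor targets and visible text from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

    def handle_data(self, data):
        self.text.append(data)


def is_official(host):
    # Exact match or a true subdomain; "instagram.com.evil.example" must fail.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)


def triage(html):
    """Return a list of human-readable reasons the message looks like this scam."""
    parser = LinkCollector()
    parser.feed(html)
    body = re.sub(r"\s+", " ", " ".join(parser.text)).lower()
    findings = [f"lure phrase: {phrase}" for phrase in LURES if phrase in body]
    for href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened link hides destination: {host}")
        elif not is_official(host):
            findings.append(f"link leaves Instagram: {host}")
    return findings


# Constructed sample modelled on the quoted notice; not a real captured email.
SAMPLE = """<p>Your post has been reported as infringing copyright.
Your account will be removed if no objection is made. Please fill out the
objection form from the link below.</p>
<a href="https://sho.rt.example/a1b2">Appeal</a>"""
```
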
How to stay safe