Attackers are targeting high-profile Instagram users with fake copyright-infringement notices in an attempt to hijack their accounts.
Detected by Kaspersky Lab, this scheme begins when an Instagram influencer receives an email informing them that their “account will be permanently deleted for copyright infringement.” The message looks official: it carries Instagram’s header and logo, and the address in the “From” field is chosen to closely resemble Instagram’s legitimate contact address, so a recipient who glances at the sender name rather than the full domain is unlikely to notice the difference.
The email tells the user that Instagram will delete their profile unless they verify their account within 24 hours. Clicking the “Verify Account” link leads to a page that prompts for the target’s Instagram credentials. If they comply, the page displays a further message claiming that their email address must be confirmed as the one associated with the account, and invites them to select their email provider and enter the credentials for that email account as well. This second step is what makes the scheme effective: with the victim’s mailbox password, the attackers can also intercept or delete any password-reset and security-alert messages that Instagram sends, which removes the victim’s most likely route to recovering the account.
At this point, the ruse redirects the target to the legitimate Instagram website. Those behind the ploy are then free to initiate the next phase of their attack. As explained by Kaspersky Lab in a blog post:
As soon as your data goes to the scammers, they can take over your Instagram profile and modify the information you need to recover it. From there, they can start demanding ransom to give the account back to you, or start spreading spam and all kinds of malicious content using your hijacked account….
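The lure described above has several machine-checkable tells: a sender whose display name says Instagram while the domain does not, a “Verify Account” link whose destination is not an Instagram domain, and deadline or threat language such as “within 24 hours” and “permanently deleted.” The following is an added example, not code from Kaspersky Lab or from the article, that runs those checks over a constructed sample message using only Python’s standard library. The sender and link domains in the sample are made up, and the set of trusted Instagram domains is an assumption that should be checked against Instagram’s own documentation before use.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: Instagram mail comes from instagram.com or a
# subdomain of it. Verify against Instagram's help centre before relying on it.
TRUSTED_DOMAINS = {"instagram.com"}

# Phrases typical of account-deletion lures (constructed list for this example).
URGENCY_PATTERNS = [
    r"permanently deleted",
    r"copyright infringement",
    r"within \d+ hours?",
]

# Constructed sample modelled on the lure described in the article.
# The sender and link domains are invented placeholders.
SAMPLE_PHISH = """\
From: Instagram Support <support@instagram-copyright-help.example>
To: influencer@example.net
Subject: Your account will be permanently deleted for copyright infringement
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account will be permanently deleted for copyright infringement.</p>
<p>Verify your account within 24 hours to avoid this.</p>
<p><a href="http://verify-instagram-help.example/login">Verify Account</a></p>
</body></html>
"""

# Constructed benign message for comparison (hypothetical, not a real notice).
SAMPLE_BENIGN = """\
From: Instagram <security@mail.instagram.com>
To: influencer@example.net
Subject: New login to Instagram from Chrome on Windows
Content-Type: text/html; charset=utf-8

<html><body><p>We noticed a new login. If this was you, no action is needed.</p>
<p><a href="https://www.instagram.com/accounts/login/">Review login activity</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Fine for this demo; use a
    public-suffix list in production (co.uk etc. break this)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyse(raw):
    """Return a list of indicator strings found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender: display name claims Instagram, domain says otherwise.
    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        findings.append("missing or unparseable From header")
    else:
        sender = from_hdr.addresses[0]
        if registrable_domain(sender.domain) not in TRUSTED_DOMAINS:
            findings.append(f"sender domain {sender.domain} is not an Instagram domain")
            if "instagram" in sender.display_name.lower():
                findings.append("display name claims Instagram but domain does not match")

    # 2. Links: the "Verify Account" button must land on an Instagram host.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    parser = LinkExtractor()
    parser.feed(text)
    for anchor, href in parser.links:
        parts = urlparse(href)
        host = parts.hostname or ""
        if registrable_domain(host) not in TRUSTED_DOMAINS:
            findings.append(f"link '{anchor}' points to {host}")
        if parts.scheme == "http":
            findings.append(f"link '{anchor}' uses plain http")

    # 3. Pressure language in subject and body (tags stripped).
    plain = (msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", text)
    for pattern in URGENCY_PATTERNS:
        if re.search(pattern, plain, re.IGNORECASE):
            findings.append(f"urgency/threat phrase matched: {pattern}")

    return findings


def is_suspicious(raw, threshold=2):
    """True when at least `threshold` independent indicators are present."""
    return len(analyse(raw)) >= threshold


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, is_suspicious(sample), analyse(sample))
```

The From header is trivially spoofable, so a production filter should pair the sender-domain check with the receiving server’s Authentication-Results header (SPF, DKIM and DMARC verdicts) rather than trusting the header value alone; the link and language checks remain useful because the attacker must send the victim somewhere they control.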
To defend themselves against this attack sequence, Instagram users should protect their accounts with a strong, unique password and enable two-factor authentication (2FA), preferably with an authenticator app rather than SMS. Because the lure depends on the victim following a link under time pressure, any unexpected “verify within 24 hours” notice should be checked by opening the Instagram app or website directly and reviewing the account’s notifications, never by clicking through from the email; a legitimate verification flow will never ask for the password to a separate email account. Users should also familiarize themselves with the most common scams that target users of social media platforms such as LinkedIn, Facebook and Twitter, since the same copyright and account-suspension pretexts recur across them.