A new phishing campaign is targeting Instagram users. The Phish is designed to steal user credentials with fake copyright infringement email notices.
Hackers have been sending Instagram users an email that appears to come directly from Instagram, according to Kaspersky Lab. The email states, “we regret to inform you that your account will be suspending because you have violated the copyright laws. Your account will be deleted within 24 hours. If you think we made a mistake, please verify, to secure your account.” Once users clicked on the link, hackers were able to steal username and password data. Once armed with the information they were after, scammers will hold accounts for ransom.
This Instagram phishing hack is full of red flags. Keep reading to learn how to protect your account from sneaky hackers.
Funky email addresses and typos:
Hackers will always send their email from an address that looks legitimate at first glance. Pay attention to the details. What is the difference between email@example.com and firstname.lastname@example.org. A period or the word ‘the’ in an email address can be a dead giveaway.
Also, check for typos and correct use of language in the body of the message. For example, the hackers wrote, “we regret to inform you that your account will be suspending because you have violated the copyright laws.”
Includes a link, or two:
Never click on a link in an email to verify account information. Always go directly to the source. In this case, the source would be Instagram. Your safest bet would be to access your Instagram profile settings in the app from your smartphone. If you do not see any requests for account verification at the source, it’s a scam.
If an email threatens to delete your account, don’t be fooled. Hackers know that urgent scare tactics work and they’re not afraid to use them. Your account will not be deleted within 24 hours if you contact the source first.