Ever wonder if you might qualify for a blue tick on Instagram? For those who don’t know, it’s a verified badge with a blue check that appears next to an Instagram account's name in search and on the profile. It means Instagram has confirmed that an account is the authentic presence of the public figure, celebrity or brand it represents. Anyone can request a verified badge on Instagram. However, Instagram is notoriously picky about who actually gets verified, and the process is shrouded in secrecy.
So then, think twice if you get an email from Instagram, telling you that “your account has been reviewed and found to comply with community guidelines. You can request a Verified Badge... by clicking the “Verification Form” button below.” Sadly, it’s most likely a scam.
MailGuard is intercepting the emails with the simple subject of ‘Case’, and entitled ‘A Message from Instagram’. See the example below.
The scam is designed to steal a users’ username and password, potentially providing access to the victims’ social media accounts and likely for the harvesting and sale of the credentials to other criminal organisations on the dark web.
Incorporating prominent Instagram branding, along with Meta and Facebook, the user workflow is a good imitation of the legitimate process, with the exception of some subtle grammatical errors.
After capturing the victim’s username and password, the scam informs them that the password that they have used is incorrect.
The email purports to come from Instagram (Meta or Facebook), but it is actually coming from a newly registered domain with a generic name, business-objectionchannel(dot)com and has been sent out by servers at mailchannels(dot)net. The phishing page itself is hosted behind Cloudflare, so its’ true source cannot be identified.
Popular technology vendors and platforms like Instagram are attractive targets for cybercriminals, due to their trusted brand and enormous customer base. Last month MailGuard intercepted a similar scam spoofing Instagram that claimed a breach of copyright.
MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and/or
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
