MailGuard 21 February 2022 15:57:47 AEDT

Instagram Users Targeted in New Phishing Email Scam

Update: Due to their large customer base, Instagram are frequently targets of impersonation. If this email differs from the one you've received, you may want to check out the most recent one from September 2022. We also reported on another phishing scam in March 2022.

Instagram is being impersonated by cybercriminals in a phishing email scam designed to steal users’ confidential data.

Users should be wary of an email titled “Instagram Copyright” claiming that their account has been reported for denial of copyright.

Intercepted by MailGuard, this new phishing scam claims that the recipient’s account has been reported and that “according to community guidelines, copyright complaints are very important”. It asks the user to fill out the appeal form if they think the report of copyright infringement on their Instagram account is an error.

The suspicious-looking email, sent from info(at)iqviolationteam(dot)com via a server owned by Hostlab, a Turkish web hosting company, tries to entice users to enter personal details via a blue call-to-action button, “Appeal form”.

Here’s what the email looks like: 

instagram-scam-email-0222-01

When a user clicks the “Appeal Form” link, they are taken to an authentic-looking Instagram login page (pictured below) that asks users to enter their “Instagram Username to verify their identity and access the appeal form”. The Instagram-branded phishing page is hosted at instagrammedia(dot)ml.

instagram-account-login-0222-01

Following this, users are taken to a page addressed to them personally, requesting their password and stating “Before completing the form, you must login with your account”.

meta-account-login-0222-01

Once these credentials are entered and submitted, the attacker harvests them for later use, and the user is met with an error saying “Sorry, your password was wrong. Please check your password carefully.”

insta-sorry-wrong-password-0222-01

Popular technology vendors and platforms like Instagram are attractive targets for cybercriminals, due to their trusted brand and enormous customer base.

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.

MailGuard urges users not to click links or open attachments within emails that:      

  • Are not addressed to you by name.      
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or      
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.     
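The last check in the list above can be automated at a mail gateway. The following is an added example, not MailGuard's code: it flags a message that names Instagram in its display name or subject while the sender domain or any link host falls outside an allow-list. The allow-list contents, the function names and the sample message markup are assumptions; the two domains in the sample are the ones reported in this article.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the brand keyword and the domains it really uses; extend as needed.
BRAND = "instagram"
LEGIT_DOMAINS = {"instagram.com"}

def under_legit_domain(host):
    """True only for an exact match or a real subdomain, never a substring."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

class LinkHosts(HTMLParser):
    """Collects the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlsplit(href).hostname)

def check_message(raw):
    """Return findings for a raw single-part HTML message that names the brand."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if BRAND not in f"{display} {msg.get('Subject', '')}".lower():
        return []  # message does not claim to be from the brand
    findings = []
    sender_host = addr.rpartition("@")[2].lower()
    if not under_legit_domain(sender_host):
        findings.append(f"sender domain {sender_host} is not on the allow-list")
    parser = LinkHosts()
    parser.feed(msg.get_payload())
    for host in parser.hosts:
        if host and not under_legit_domain(host):
            findings.append(f"link host {host} is not on the allow-list")
    return findings

# Constructed sample using the sender and landing domain reported in this article.
SAMPLE = """From: Instagram <info@iqviolationteam.com>
Subject: Instagram Copyright
Content-Type: text/html

<p>Your account has been reported.</p>
<a href="https://instagrammedia.ml/">Appeal form</a>
"""
```

Matching on the domain suffix rather than on the brand name is what rejects a lookalike such as the landing domain in this scam, which contains the word "instagram" but is not under instagram.com.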

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  
