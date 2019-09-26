Special By By Tim Sandle 44 mins ago in Technology A new phishing campaign targeting Instagram users by luring them into providing their credentials using fake copyright infringement alerts--implanting a feeling of urgency designed to lower the users' guard. Peter Goldstein of Valimail provides analysis. The message states that users wishing to refute the Copyright Objection claim can do so by clicking a “Copyright Objection Form” button, which is embedded in the email. Clicking the button directs the user to a fake Instagram page. The page’s URL ends not in “.com” but in “.cf”. The page attempts to appear legitimate by using an SSL certificate as well, represented by a green padlock and “HTTPS” in the address bar. The risk is that when the user clicks through, they are then be asked to provide their date of birth, email, and Instagram password. This hands over private data to the hackers. To understand more about the attack, Digital Journal spoke with According to Goldstein, the attack shows how sophisticated hackers are becoming: “The latest phishing campaign targeting Instagram users shows how advanced impersonation techniques can be, and how difficult it is to distinguish them from legitimate emails." He explains further: "By leveraging highly sophisticated social engineering techniques, hackers are attempting to steal user information by directing victims to an identical-looking Instagram page and asking them to complete a copyright infringement form to avoid account deactivation." The consequences of all this are very serious, according to Goldstein since "once login credentials are gathered, the threat actors could takeover Instagram accounts to spam, misinformation and propaganda or to demand a hefty price for the return of the accounts to their rightful owners." Goldstein explains that companies need to get better at protecting users and the situation is likely to get worse: "As phishing emails increasingly become harder and harder to detect, it’s important to prevent these malicious emails from ever entering inboxes in the first place." He notes that current security protocols are inadequate: "Most email defenses will focus on the content of the messages and the links they contain, but by focusing on authenticating the identity of the sender, more than 83 percent of malicious emails can be stopped in their tracks." He maintains that by "properly enforcing Domain-based Message Authentication, Reporting and Conformance (or This Instagram phishing campaign follows on from several high-profile YouTube accounts and channels being hacked over the weekend in what appears to be part of a “co-ordinated” phishing attack. The hack uses fake Google login pages to obtain credentials from users. 