With the Instagram phishing attack, the phishing e-mails distributed as part of this campaign use fake account suspension messages supposedly triggered by a copyright notice and asking them to fill out a ‘Copyright Objection Form’ within 24 hours, according to CPO magazine.
Daily Dot provides an analysis of the attack:
The message states that users wishing to refute the Copyright Objection claim can do so by clicking a “Copyright Objection Form” button, which is embedded in the email.
Clicking the button directs the user to a fake Instagram page. The page’s URL ends not in “.com” but in “.cf”.
The page attempts to appear legitimate by using an SSL certificate as well, represented by a green padlock and “HTTPS” in the address bar.
The risk is that when the user clicks through, they are then be asked to provide their date of birth, email, and Instagram password. This hands over private data to the hackers.
To understand more about the attack, Digital Journal spoke with Peter Goldstein, CTO and co-founder of Valimail (an automated email authentication service).
According to Goldstein, the attack shows how sophisticated hackers are becoming: “The latest phishing campaign targeting Instagram users shows how advanced impersonation techniques can be, and how difficult it is to distinguish them from legitimate emails.”
He explains further: “By leveraging highly sophisticated social engineering techniques, hackers are attempting to steal user information by directing victims to an identical-looking Instagram page and asking them to complete a copyright infringement form to avoid account deactivation.”
The consequences of all this are very serious, according to Goldstein since “once login credentials are gathered, the threat actors could takeover Instagram accounts to spam, misinformation and propaganda or to demand a hefty price for the return of the accounts to their rightful owners.”
Goldstein explains that companies need to get better at protecting users and the situation is likely to get worse: “As phishing emails increasingly become harder and harder to detect, it’s important to prevent these malicious emails from ever entering inboxes in the first place.”
He notes that current security protocols are inadequate: “Most email defenses will focus on the content of the messages and the links they contain, but by focusing on authenticating the identity of the sender, more than 83 percent of malicious emails can be stopped in their tracks.”
He maintains that by “properly enforcing Domain-based Message Authentication, Reporting and Conformance (or DMARC) and implementing advanced anti-phishing solutions that validate sender identity are critical to protecting both consumers and businesses from phishing, which is implicated in more than 90 percent of all cybersecurity attacks.”
This Instagram phishing campaign follows on from several high-profile YouTube accounts and channels being hacked over the weekend in what appears to be part of a “co-ordinated” phishing attack. The hack uses fake Google login pages to obtain credentials from users.
