Copyright Phishing

A new phishing scam is targeting most of the Instagram users by accusing them of Copyright Infringement and obtaining their credentials. It baits the users into giving away their login details using bogus copyright infringement alerts. The attack begins with a phishing email distributed as a part of this fake campaign that claims a user’s account will be suspended in 24 hours for violating Instagram’s Copyright Law. It triggers the users with a copyright notice and the users who wish to refute the claim can do so by clicking on the ‘Copyright Objection Form’ button embedded in the same email.

FAKE ALERTS OF COPYRIGHT INFRINGEMENT

Instagram news
In the present era, nobody wants to get locked out of their accounts on the social media platforms, even if it’s for a while. Consequently, the temptation to click on the email or its buttons is very high. The phishing messages appear similar to the official emails on Instagram. However, the emails have numerous grammatical errors, which are a hint to the users that something is amiss. Clicking the button of ‘Copyright Objection Form’ redirects the user to a fake Instagram page. Moreover, the page’s URL doesn’t end in ‘.com’ but in ‘.cf’ which adds to the illusion that the domain is an Instagram one on the mobile web browser.

The page seeks to appear legitimate and official by using an SSL certificate, represented by ‘HTTPS’ in the address bar and green padlocks. If the users click through, they would then be asked to give their email id, date of birth, and Instagram password. After obtaining all the private information of the users, the phishing page redirects them to the official Instagram login page for maintaining the illusion that the copyright objection form was authentic. If the Instagram users fall for this trick, the hackers can take control of their accounts undisturbed.

WHAT CAN THE USERS DO?

It is a matter of fact that yes; some of the Instagram users are bound to fall for such kind of scams. If you have got either your account hacked or credentials stolen but can still access the account, you first need to check whether your correct email id and mobile number are still associated with your account or not. For doing so, click on ‘Edit Profile’ option and scroll down to view the current mobile number and email id. If the attackers have changed the info, try to enter your details. After this, you should change your password as well, which would automatically log off all devices currently logged into your account, and give you the full control of your account. In case you lose complete access to your account, you can report the incident to Instagram’s security and wait for Instagram to confirm your identity with either your mobile number or email id using which you had signed up.

Such scams are yet another reminder for all the users to read the emails carefully and further inspect the URLs of all the links. They should also enable two-factor authentication on their social media accounts for protecting their identity and private details.