NEWS  Security  December 21, 2023  Reading time: 2 Minute(s)

Max (RS editor)

A novel strain of Instagram phishing emails has surfaced, demonstrating a sophisticated attempt by cybercriminals to extract sensitive information, including usernames, passwords, phone numbers, and the crucial backup codes used for two-factor authentication (2FA). Instagram's 2FA, a vital security feature, adds an additional layer of protection to user accounts, making this new phishing campaign particularly insidious.

When setting up 2FA on Instagram, users are provided with a set of backup codes, each consisting of five unique 8-digit numbers. These codes serve as a lifeline, allowing users to regain access to their accounts when faced with challenges such as a lost phone or an unrecognized device. However, these static codes have become a coveted target for attackers, as a single stolen code grants them unfettered access, circumventing any 2FA measures in place.

The Anatomy of the Attack

Security experts at Trustwave have identified a new phishing campaign that masquerades as communications from Meta, Instagram's parent company. The deceptive emails claim account infringement on copyrights, creating a false sense of urgency by threatening permanent account deletion unless an appeal is submitted within 12 hours. The attackers employ cleverly crafted emails to lure victims into a trap.

Clicking on the provided links in the email redirects users to a phishing site that convincingly mimics Meta's official portal for violation appeals. Hosted on Bio Sites, Squarespace's landing page platform, and coupled with a Google notifications link, the attackers aim to evade spam detection tools and monitor link clicks. The phishing site prompts users to enter their credentials, followed by a query about the presence of 2FA on the account.

The Critical Moment: Extracting Backup Codes

Upon confirming the use of 2FA, the attackers request one of the user's five backup codes, providing them with the final puzzle piece to compromise the account fully. Subsequent screens prompt users to disclose their email address and phone number, further exacerbating the risk of identity theft and unauthorized access.

Red Flags to Watch For

Several elements in this phishing campaign raise suspicion, including the sender's email (contact-helpchannelcopyrights[.]com), not affiliated with Meta, and the Google notifications URL embedded in the appeal form button. These inconsistencies serve as crucial warning signs for users to identify potential threats.

Protecting Yourself: A Call to Vigilance

As cyber threats evolve, users must remain vigilant against phishing attacks. Avoid sharing passwords or backup codes outside the Instagram app, and critically assess emails for legitimacy. If you suspect compromise, take immediate action by changing your password and generating new backup codes within Instagram's security settings.

The battle against cybercrime requires proactive measures and user education. By staying informed and adopting best practices, users can fortify their defenses against the ever-evolving landscape of phishing attacks. Remember, the first line of defense is you.

 COVER IMAGE BY FREEPIK / REVIEW SPACE