Instagram phishing scam uses seemingly legit account to get user passwords
An elaborate phishing scam has hit some Instagram users who warn that the content appears, at least initially, to be a legitimate message from the platform. The scam involves sending a private message to Instagram users, warning them that they have infringed upon an image’s copyright and they need to fill out a form to avoid having their account suspended.
Phishing scams are attempts to acquire the victim’s personal information, typically login credentials for online accounts or information that could be used for financial fraud, such as a Social Security number. In the case of this latest Instagram scam, which was first reported by Fstoppers, the scammers seek login information for the victim’s Instagram and email accounts.
It’s unclear how broadly this scam may be deployed, but at least one seemingly legitimate account appears to have been hijacked to send these messages. Andy Day at Fstoppers reports having received a private message on Instagram from The North Face Chile account alleging that a copyright violation had been detected on his account.
The North Face Chile account behind the phishing message.
The phishing scam states that the user must ‘provide feedback’ to the message or else their account will be suspended in 24 hours. The message includes a link to ‘InstagramHelpNotice.com,’ a website that appears — at first — to be a legitimate Instagram website (at least if the victim is on mobile, which is the primary platform used by Instagrammers).
The first two screens presented on the phishing website ‘InstagramHelpNotice.com’
The phishing website first prompts the user to enter their Instagram username, then their password. This section of the website appears legitimate, but the next part seeking the user’s email address and email password is obviously a scam. In addition to the fact that Instagram would never ask for a user’s personal email credentials, the website also misspells ‘address’ as ‘Adress.’
The second and third screens on the Instagram phishing website.
It’s unclear whether The North Face Chile is, indeed, a legitimate account or whether scammers went to fairly elaborate lengths to create the account and make it appear legitimate. The content that is currently on The North Face Chile Instagram account mirrors the content found on a different account called ‘zeusclubantalya.’
According to WHO.is, the phishing domain was registered on June 9, 2020, indicating that it may have been sending these messages to Instagram users over the past three or so weeks. The registrant information was made private so it isn’t possible to see who owns the domain, but WHO.is suggests — based on similar websites — that this phishing scam may originate from Russia. However, the information presented on The North Face Chile account points back to an alleged club located in Antalya, Turkey.
It’s impossible to say where this scam ultimately originates from and who is behind it. However, it is clearly an attempt to get email login credentials from unsuspecting Instagram users, likely in an attempt to then get access to the victim’s banking accounts and other, more sensitive accounts. Acquired information would likely be used for identity theft and/or financial fraud.
Instagram users should ignore any copyright violation messages that are delivered from random accounts in DMs and that encourage the user to visit a third-party website to resolve the matter. Instagram’s help website explains how the company handles copyright infringement, including the official method copyright holders must use to contact it over stolen content.
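The lookalike-domain pattern in this scam, a brand name embedded in a domain the brand does not own, can be checked mechanically. The following Python is an added example, not part of the original article: it pulls links out of a message and flags any host that contains the brand name but is not instagram.com or one of its subdomains. The allow-list, the token list and the sample message are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as official.
OFFICIAL_DOMAINS = {"instagram.com"}
# Brand strings that should only appear in hosts under an official domain.
BRAND_TOKENS = ("instagram",)

# Matches bare domains as well as full http(s) URLs inside free text.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.I)

# Constructed sample modelled on the message described in the article.
SAMPLE_DM = (
    "A copyright violation was detected on your account. Provide feedback at "
    "InstagramHelpNotice.com or your account will be suspended in 24 hours. "
    "Policy: https://help.instagram.com/"
)

def host_of(url):
    """Return the lower-cased host name of a URL or bare domain."""
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to locate the host
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_official(host):
    """True only for an official domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def classify(url):
    host = host_of(url)
    if is_official(host):
        return "official"
    # Drop separators so 'insta-gram.help.example' style splits still match.
    squashed = host.replace("-", "").replace(".", "")
    if any(token in squashed for token in BRAND_TOKENS):
        return "brand-lookalike"
    return "third-party"

def scan_message(text):
    """Return (link, verdict) for every link found in a message."""
    return [(m.group(0), classify(m.group(0))) for m in URL_RE.finditer(text)]

if __name__ == "__main__":
    for link, verdict in scan_message(SAMPLE_DM):
        print(f"{verdict:16} {link}")
```

The comparison is made on the parsed host name rather than on the raw string, so a host such as instagram.com.example.net is reported as a lookalike instead of passing a simple substring test.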
UPDATE: The North Face has confirmed to DPR that its Instagram account was hijacked by scammers:
The official Instagram account for The North Face Chile (@thenorthfacechile) was hijacked by hackers on Friday, June 26th, and we currently do not have access to the account. We took immediate action to activate security protocol by changing the passwords to all of our social network accounts and have reported the problem to Facebook and Instagram support teams. We are currently waiting on further information and direction from their teams.