Like viruses, hackers and phishers are constantly evolving to stay alive. The Instagram copyright infringement scam is the latest proof.
They will do whatever they can to convince you to fork over your valuable account credentials. Their latest attempt is to trick you into believing you’ve infringed on copyright.
Let’s look at this growing phenomenon and see how to protect yourself.
The Basics of the Instagram Copyright Infringement Scam
Hackers have gotten greedy with this scam. Not only do they try to get your Instagram credentials, but they try to snag your email login info as well.
Like most phishing scams, it always starts with an official-looking email:
It’s phishing at its best. The scammers immediately get you into your emotions by making you think you’re in trouble. That usually inhibits your ability to think critically or inspect the email.
It looks legit, but something is off if you take a closer look.
It was sent from an email address ending in “@theinstagram.team.” Why wouldn’t they use an email connected directly to Instagram.com? Because they’re imposters.
But since you may now be afraid of getting your account shut down, you don’t look that closely and click on the ‘verify account’ icon. To add urgency, the email usually states that you only have 24 or 48 hours to verify your account.
Once you click forward, you’re sent to another convincing phishing page that lets you ‘appeal’ the infringement notice. To make it look even more official, the hackers offer you various language choices, none of which work (except English).
You must log in to your Instagram account to appeal this fake notice.
According to Kaspersky, you’re then asked to ‘verify your feedback’ and ‘check if your e-mail account matches the Instagram account.’
Spoiler alert: they then ask for your email login information.
Who Are They Targeting, and How Can You Protect Yourself?
It appears these phishers are mainly targeting influencers and celebrities for now. That’s likely because their sensitive information is more valuable on the Dark Web.
But these types of phishing emails have traditionally been sent to all users, regardless of their fame.
Luckily, there are steps you can take to secure your Instagram account.
You want to enable two-factor authentication for your account. This way, even if a hacker obtains your login credentials, they still won’t be able to access your account. To set up 2FA, click ‘settings’ > ‘security’ > ‘two-factor authentication’ and choose the type of 2FA you’d like.
Always use a strong, varied password for your accounts.
Remove access to third-party applications.
And, of course, never click on suspicious links. If you get an email from an app like Instagram asking for your login credentials, an alarm should be blaring in your head.
Scan emails for suspicious details, and if you click on a website, check the URL to ensure it’s the official site you think you’re at. After all, in most phishing cases, the hackers can only access as much as you allow them.
Featured image by TY Lim via Shutterstock.com