Cybercriminals are constantly finding new ways to manipulate and deceive in an increasingly sophisticated digital landscape. A recent phishing campaign aimed at our company’s Instagram profile, @Hackedcom, illustrates the ingenuity and specificity that these criminals are employing.
The Deceptive Email
Hello Dear @hackedcom,
jonas.borchgrevink@hacked.com
Your account has been reviewed by us, and you have been found eligible for the verified badge.
The verified badge is a verified checkmark that appears next to the name of the Instagram account in search and on the profile.
This means that Instagram has confirmed the authenticity of the public figure, celebrity, or brand represented by the account.
There are several verification steps that need to be completed before the badge can be added to your account. You can proceed to the link below to complete these steps.
Sincerely, the lnstagram Team.
Go to verification
Upon receiving this email, several elements raised suspicion:
- Inconsistencies in Language and Formatting: The text contained grammatical and stylistic errors uncharacteristic of professional communication from Meta, the parent company of Instagram.
- Sender Discrepancy: The email originated not from an official Meta domain (such as facebook.com, meta.com, or instagram.com), but from contact@bluetickconnect.com.
- Unusual Content: As a company that closely monitors digital security trends, we recognized that this email’s content was not aligned with Meta’s standard communication.
These red flags prompted an investigation.
The Investigation
We first utilized a redirect checker, specifically https://wheregoes.com/, to understand where the link in the email led. The result was as expected:
We then opened the link metaviewsecure-com/verify-status/ (do not click or visit this link) in a secure Tor browser with a second VPN enabled. This led to a site that, although mimicking the appearance of Meta’s official website, was unmistakably fraudulent.
Key Takeaways
- Recognize the Signs: Emails from Meta will never look like the example above. Be aware of inconsistencies in language and formatting.
- Verify the Sender: Always ensure the sender’s email address matches the organization they represent.
- Exercise Caution with Links: If a link in an email seems questionable, copy it and paste it into a redirect checker. Never click on an unfamiliar link directly.
- Take Action: Block the sender and promptly report the email to relevant authorities and your Chief Information Security Officer (CISO).
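The sender and language checks described above can be automated for mail triage. The following is an added example, not code from the original article: the sender address and the official domains come from the article, while the display name, the link host (verify.example) and the brand list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Official sender domains named in the article.
OFFICIAL_DOMAINS = {"facebook.com", "meta.com", "instagram.com"}
# Brand names a message may claim to come from (assumption for this example).
BRANDS = {"instagram", "meta", "facebook"}
# Fold characters commonly swapped for look-alikes (l/1 for I, 0 for O).
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})

# Constructed sample message; the link host is a placeholder.
SAMPLE = """\
From: Instagram <contact@bluetickconnect.com>
Subject: Verified badge

Sincerely, the lnstagram Team.
Go to verification: https://instagram.com.verify.example/verify-status/
"""

def is_official(host):
    # Exact match or true subdomain only, so "instagram.com.verify.example"
    # and "notinstagram.com" do not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def lookalike_brands(text):
    # Words that equal a brand name only after folding confusable characters.
    hits = set()
    for word in re.findall(r"[A-Za-z0-9]+", text):
        w = word.lower()
        if w not in BRANDS and w.translate(CONFUSABLE) in BRANDS:
            hits.add(word)
    return sorted(hits)

def triage(raw):
    msg = message_from_string(raw)
    sender = msg.get("From", "")
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    links = re.findall(r"https?://[^\s\"'<>]+", body)
    return {
        "sender_domain": domain,
        "sender_official": is_official(domain),
        "lookalikes": lookalike_brands(sender + " " + body),
        "unofficial_links": [u for u in links
                             if not is_official(urlparse(u).hostname or "")],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The From header is easy to forge, so a passing sender check is not proof of authenticity; the script only flags the mismatches the article lists.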
While we typically refrain from publishing stories about phishing campaigns, this incident’s unusual nature and potential widespread impact on companies and influencers using Instagram necessitate awareness and vigilance. Stay informed and exercise caution, as cyber threats evolve and target unsuspecting victims.
Featured image by Midjourney and Jonas Borchgrevink.