Cybercriminals have long used copyright violation warnings as bait in phishing attacks. This time, Sophos discovered cybercriminals attacking Instagram users.
Perhaps you have posted a picture that wasn’t yours on Instagram in an attempt to acquire more followers. If that’s the case, a message like the one below can intimidate you into acting.
“We received a complaint regarding a post on your Instagram account recently. Copyright infringement has been reported on your post. If no objections are raised to the copyrighted material, your account will be deleted. Please fill out the objection form using the link below if you believe this determination is erroneous,” a fraudulent Instagram message reads.
To make things “simpler” for you, the hackers present you with an “appeal” link that leads to the fb.notify.com page, which is run by fraudsters. Your account statistics, which are accurate by the way, are included on the page, as well as a picture from your Instagram profile. In a blog post, cybersecurity firm Sophos pointed out that the email itself infringes copyright.
In the next phase, the page asks you to log in to your account. The website then claims you entered your credentials incorrectly and instructs you to try again, presumably as a convenient way for the criminals to dismiss login attempts where the user obviously just entered random characters on the keyboard to see what would happen next.
You will receive notification that your appeal has been successfully submitted after correctly typing your credentials. Lastly, the fraudsters send you to the official Instagram copyright page, probably to give the impression that you are on a legitimate website.
“Credentials on social media are much more valuable than you might assume. First, the criminals gain access to an account without bothering to create a new one. Second, it offers attackers immediate and convincing accessibility to pitch dubious investments as well as other things to your friends and family,” Sophos Senior Technologist Paul Ducklin noted in a published statement.
The fraud isn’t new, and it’s been perpetrated on a number of other people. However, fraudsters continue to take advantage of infringement warnings, indicating that the business is still prospering.
1. Do not click on “informative” email links. Understand how to manage copyright concerns on Instagram ahead of time so you’ll be prepared when you need to.
2. Assess what you’re doing before you click. Even though the website name in this hoax is somewhat convincing, it is obviously not instagram.com or facebook.com, as you might assume.
3. When possible, use a password manager and two-factor authentication. Because they can’t suggest a password for a website they’ve never seen before, password managers can help you avoid entering the right password in the wrong place. And two-factor authentication (one-time codes used in conjunction with a password) makes things more difficult for criminals because your password alone is no longer enough to give them access to your account.
4. Have a face-to-face conversation with friends who may have done it before. If you use social media or blog, you should be prepared in case you ever receive a legitimate copyright infringement notification.
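The domain check behind tips 2 and 3, as an added example that is not from Sophos or the original article: it compares the host a link really points to against the domains where the login belongs, which is the same comparison a password manager makes before offering a saved password. The function names, the vault contents and every sample URL other than the fb.notify.com host are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domains where an Instagram login belongs (tip 2).
TRUSTED_DOMAINS = ("instagram.com", "facebook.com")

# Constructed password-manager vault: saved entries are keyed by domain.
VAULT = {"instagram.com": "saved Instagram login"}


def link_host(url):
    """Return the host a browser would connect to, or "" if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""
    if parts.scheme != "https":
        return ""
    # .hostname drops any "user@" prefix and the port, and lower-cases.
    return (parts.hostname or "").rstrip(".")


def is_trusted_login_url(url):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = link_host(url)
    return bool(host) and any(
        host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS
    )


def autofill_for(url):
    """Mimic a password manager: offer an entry only on a matching host."""
    host = link_host(url)
    for domain, entry in VAULT.items():
        if host == domain or host.endswith("." + domain):
            return entry
    return None


# Constructed sample links; only the fb.notify.com host comes from the article.
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "https://fb.notify.com/appeal",
    "https://instagram.com@fb.notify.com/appeal",  # text before "@" is not the host
    "https://instagram.com.fb.notify.com/appeal",  # trusted name used as a prefix
    "https://notinstagram.com/login",              # suffix without a dot boundary
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(is_trusted_login_url(url), autofill_for(url), url)
```

Only the first sample passes the check and gets an autofill offer; the other four all resolve to a host outside the trusted list, however the link text looks.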