Copyright Infringement Notice to Instagram Users Serves as Newest Phishbait

Copyright Infringement Instagram PhishbaitScammers are sending phony accusations of copyright infringement to Instagram users in a new phishing attack, Paul Ducklin writes at Naked Security. The scammers are taking advantage of the fact that many Instagram pages with large followings are concerned about being banned for posting copyrighted content.

The attackers are sending emails with a link to appeal the bogus accusation. If a user clicks the link, they’ll be taken to a spoofed Facebook page that has a picture of a real post from the user’s Instagram page. The page then asks the user to enter their password to login to their Instagram account, which will be sent to the attackers. After this, the user will be redirected to the real Instagram copyright page, which helps avoid any suspicion.

Ducklin offers the following advice to avoid falling for these scams:

“Don’t click ‘helpful’ links in emails. Learn in advance how to handle Instagram copyright complaints, so you know the procedure before you need to follow it. Do the same for the other social networks and content delivery sites you use. Don’t wait until after a complaint arrives to find out the right way to respond. If you already know the right URL to use, you never need to rely on any link in any email, whether that email is real or fake.

“Think before you click. Although the website name in this scam is somewhat believable, it’s clearly not or, which is almost certainly what you would expect. We hope you wouldn’t click through in the first place (see point 1), but if you do visit the site by mistake, don’t be in a hurry to go further. A few seconds to stop and double-check the site details would be time well spent.

“Use a password manager and 2FA whenever you can. Password managers help to prevent you putting the right password into the wrong site, because they can’t suggest a password for a site they’ve never seen before. And 2FA (those one-time codes you use together with a password) make things harder for the crooks, because your password alone is no longer enough to give them access to your account.

“Talk to a friend you know face-to-face who’s done it before. If you are active on social media or in the blogosphere, you might as well prepare in case you ever get a copyright infringement notice for real. (We’re assuming the accusation will be false, but the complaint itself will actually exist.) If you know someone who has already gone through the genuine process once, see if they’ll tell you how it went in real life. This will make it much easier to spot fake complaints in future.”

New-school security awareness training can help your employees follow security best practices so they can avoid falling for social engineering attacks.

Naked Security has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews