Copyright Infringement Warning as Phishbait

Stu Sjouwerman | Oct 2, 2019

Scammers are using fake copyright infringement warnings to trick people into handing over their Instagram credentials, Naked Security reports. The warnings arrive in emails that appear to come from Instagram and warn recipients that their accounts will be suspended if they don’t file an objection within twenty-four hours. If a recipient clicks on the link to file the objection, they’ll be taken to a phishing page that imitates Instagram’s appearance.

After a victim enters their username and password to supposedly file an appeal, they’ll see a loading page followed by a green checkmark and a message telling them their appeal has been filed. Finally, the site will redirect them to Instagram’s real login page.

Once the scammers have gained access to an Instagram account, they can use it for information gathering, monetization, or spreading additional phishing schemes to the account’s contacts.

Naked Security notes that the phishing site in this case has a long URL beginning with “instagram[.]copyrightinfringementappeal.” The use of two subdomains makes it difficult for users to see that the primary domain is fraudulent. Mobile devices are particularly susceptible to this technique, since they have less screen space to show the URL.

However, Naked Security also points out multiple red flags that could have alerted users to the fraud. First, the email and website both contained obvious typos and grammatical errors. Second, the email was sent from a Turkish hosting company and the phishing site was hosted on a “[.]cf” domain, the country-code top-level domain for the Central African Republic. Finally, a Google search could have revealed that Instagram’s copyright appeals process doesn’t actually work like this.
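The two preceding paragraphs describe the URL trick (a brand name placed in a subdomain so the real, unrelated primary domain is pushed out of view) and the red flags that expose it (an unexpected country-code TLD). The following Python is an added example written for this post, not code from Naked Security, KnowBe4 or Instagram. It shows the check a mail or web filter can apply: reduce a hostname to its registrable domain, then flag any host where a protected brand name appears only in subdomain labels, or where the TLD is not one the brand normally uses. The suffix table, the brand allow-list and the sample hostnames are constructed for the example; the phishing host below is a placeholder shaped like the one described in the article, not the real one.

```python
from urllib.parse import urlsplit

# Tiny stand-in for the Public Suffix List (assumption: a real deployment
# would load the full list, e.g. with the `publicsuffix2` package).
PUBLIC_SUFFIXES = {"com", "net", "org", "cf", "co.uk"}

# Brands to protect, mapped to the registrable domains they really use.
# Constructed allow-list for this example; maintain your own in production.
BRAND_DOMAINS = {
    "instagram": {"instagram.com"},
}


def registrable_domain(host: str) -> str:
    """Return the registrable domain (eTLD+1) for a hostname.

    Tries the longest candidate suffix first so multi-label suffixes such
    as "co.uk" win over their final label.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                return suffix  # the host *is* a public suffix
            return ".".join(labels[i - 1:])
    # Unknown suffix: fall back to the last two labels.
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_url(url: str) -> dict:
    """Flag brand-in-subdomain impersonation and unexpected TLDs.

    Returns a dict with the parsed parts and a list of human-readable
    findings; an empty findings list means nothing looked wrong.
    """
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    reg_labels = reg.split(".")
    # Everything in front of the registrable domain is attacker-controlled
    # naming, which is exactly where the brand name is planted.
    sub_labels = host.split(".")[: -len(reg_labels)]
    tld = reg_labels[-1]
    findings = []

    for brand, legit in BRAND_DOMAINS.items():
        if reg in legit:
            continue  # genuine brand domain, nothing to flag
        candidates = sub_labels + [reg_labels[0]]
        if any(brand in label for label in candidates):
            findings.append(
                f"brand '{brand}' appears in host but registrable domain is '{reg}'"
            )
            brand_tlds = {d.rsplit(".", 1)[-1] for d in legit}
            if tld not in brand_tlds:
                findings.append(
                    f"TLD '.{tld}' is not one '{brand}' normally uses ({sorted(brand_tlds)})"
                )

    return {
        "host": host,
        "registrable_domain": reg,
        "subdomain_labels": sub_labels,
        "tld": tld,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample hosts: a placeholder shaped like the phishing URL in
    # the article, and Instagram's genuine login host for comparison.
    for sample in (
        "https://instagram.copyrightinfringementappeal.phish-placeholder.cf/appeal",
        "https://www.instagram.com/accounts/login/",
    ):
        result = check_url(sample)
        print(result["host"], "->", result["registrable_domain"])
        for f in result["findings"]:
            print("  !", f)
```

The important design choice is that the brand name is searched only after the registrable domain has been computed: matching "instagram" anywhere in the hostname would also fire on the genuine site, whereas matching it in the labels the registrant does not own (the subdomains, plus the leading label of a look-alike registrable domain) isolates the impersonation. The same split also explains why the mobile address bar is so unhelpful here: it shows the leftmost labels first, and those are precisely the ones the attacker chose.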

If someone doesn’t know to look for these red flags, however, it’s not hard to imagine them falling for this scam. New-school security awareness training can help your employees recognize signs of social engineering before they send their password to an attacker. Naked Security has the story: https://nakedsecurity.sophos.com/2019/09/24/instagram-phish-poses-as-copyright-infringement-warning-dont-click/
