Instagram Copyright Infringement is the Latest Phishing Scam Targeting Social Media

businessman hand pointing to padlock on touch screen computer as Internet security online business conceptFocused on compromising social media credentials, scammers trick Instagram users into giving up credentials and other personally identifiable information with convincing phishing emails.

A good scam is made up of a mixture of powerful emotional triggers to create urgency, familiar branding, and a seemingly recognizable user experience. This scam has them all. Users are sent an email purporting to be from Instagram informing them of a copyright infringement they need to address. Those that click the link are taken to a realistic-looking webpage that informs them they have the option to appeal the infringement or be blocked after 48 hours.

With social media users not wanting to be cut off from their precious platforms, appeal is the only real option. Next users are asked for their account details and birthdate (to facilitate compromise of their actual Instagram account).


Note that the web address even appears to provide some degree of credibility, using both “Instagram” and “copyrightinfringement” in the URL.

The challenge with these kinds of scams is that it’s completely plausible that someone would violate a social media platform’s terms of service. Users need to elevate their sense of security around unsolicited emails that are vague in nature (e.g., this scam never provides the specifics around what exactly was posted that infringed on someone’s copyright) despite the impersonated use of a well-known brand.

Users can be easily educated on such tactics – as well as why and how to incorporate security-mindedness into their daily work activity – using Security Awareness Training. Today, the attack is about copyright infringement; tomorrow, it will be about some other issue that demands your users’ attention. Putting them through continual Security Awareness Training will help users to know how to identify suspicious emails, webpages, links, etc., allowing them to safely ignore or bypass the threat.

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

SPT-monitorHere's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews