Instagram Copyright Infringement is the Latest Phishing Scam Targeting Social Media



businessman hand pointing to padlock on touch screen computer as Internet security online business conceptFocused on compromising social media credentials, scammers trick Instagram users into giving up credentials and other personally identifiable information with convincing phishing emails.

A good scam is made up of a mixture of powerful emotional triggers to create urgency, familiar branding, and a seemingly recognizable user experience. This scam has them all. Users are sent an email purporting to be from Instagram informing them of a copyright infringement they need to address. Those that click the link are taken to a realistic-looking webpage that informs them they have the option to appeal the infringement or be blocked after 48 hours.

With social media users not wanting to be cut off from their precious platforms, appeal is the only real option. Next users are asked for their account details and birthdate (to facilitate compromise of their actual Instagram account).

Phishing%20email,%20interstitial,%20and%20landing%20page

Note that the web address even appears to provide some degree of credibility, using both “Instagram” and “copyrightinfringement” in the URL.

The challenge with these kinds of scams is that it’s completely plausible that someone would violate a social media platform’s terms of service. Users need to elevate their sense of security around unsolicited emails that are vague in nature (e.g., this scam never provides the specifics around what exactly was posted that infringed on someone’s copyright) despite the impersonated use of a well-known brand.

Users can be easily educated on such tactics – as well as why and how to incorporate security-mindedness into their daily work activity – using Security Awareness Training. Today, the attack is about copyright infringement; tomorrow, it will be about some other issue that demands your users’ attention. Putting them through continual Security Awareness Training will help users to know how to identify suspicious emails, webpages, links, etc., allowing them to safely ignore or bypass the threat.


Free Social Media Phishing Test

Would your users fall for a phishing email that looks like it originated from a credible social media site such as Facebook, LinkedIn or Twitter? Attackers use social media to target both your brand, your users, and even your customers by distributing malware or using social engineering to phish for credentials. These platforms have become a goldmine for the bad guys to carry out social media phishing attacks against your organization. Don't get hacked by social media phishing attacks!

SPT-monitorHere’s How the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

Don't like to click on redirected buttons? Copy & paste this link into your browser:
https://www.knowbe4.com/social-media-phishing-test

Subscribe To Our Blog


Domain Spoof Test Contest




Get the latest about social engineering

Subscribe to CyberheistNews