Phishing attack: fake Instagram emails threatening account shutdowns

Insurance company targeted by the Instagram support staff email campaign

Insurance company employees targeted in phishing campaign

Phishing scams spread around trying to steal login information from users. Instagram emails threatening account shutdown for the fake content sharing attempted to pose as official technical support messages from the media company.^[1] Login credential of a large US life insurance company headquartered in New York under the target.^[2]

The research report^[3] shows that the attack impersonated brands and used social engineering methods to fool people into revealing these login details. The campaign managed to bypass the Google email security too. That was achieved by using valid domain names, so email messages reached accounts of hundreds of employees without triggering a warning or alert.

Credential phishing attacks pose a risk to businesses and the credentials of various platforms. Spoofing the design of a legitimate company and its representatives helps scammers to request verification of the membership or account. Users can easily fall for the scheme when those email messages look legitimate enough.

An email crafted to look like it is coming from Instagram support. The subject line simplistically read “Instagram Support” and the sender address was manipulated to read the same, at first glance.

Using work credentials for personal accounts – not a good idea

Users are often warned by various malware and cybersecurity researchers that using credentials for personal social media that can be linked with work accounts is a bad idea. The research shows that this type of attack is an example of what can go wrong. The email supposedly sent from the Instagram support team includes the email about a violation of copyright laws or other issues, and the recipient needs to respond in 24 hours.

This hurry might encourage them to skip through the details and red flags on the message, so scammers get what they wanted – people verify their login credentials letting the attacker hack their accounts. These credentials might be tried for more valuable accounts and profiles linked to the work issues, and this is where the danger comes from personal data exfiltration or direct hacking to a massive data breach. Especially, when such insurance companies are the target.

Clicking on the link included in the message leads to a page designed to collect all credentials that end up logged in the form. Armorblox report notes that attackers use Meta and Instagram logos to fake the real email messages and targeted prominent insurance company from the US to achieve their goal on a bigger scale.

Social engineering methods used to fake legitimacy

Creating urgency with the 24-hour time limit can help attackers to achieve their goals and encourage people to react to the message by verifying their login information that is collected for later scam purposes. Faking trust with the legitimate logos and email subject, domain names, can be successful in such social engineering attacks.^[4]

There were, however, some issues with the email. First, grammar mistakes and spelling fails in the body of this scam email. Instagram in the subject line was written with a lowercase L instead of uppercase I. The email sender was also using the outlook domain, but the “membershipform” before the @ might fool some.

These are red flags that people should look for when dealing with a suspicious email. Additional tips for protection would be not opening emails that are unexpected or sent from companies, social media platforms that you are not associated with. Some of these attacks can be targeted, so keep that in mind. One of the ways to keep yourself protected online is to follow multi-factor authentication practices.^[5]