{"id":25997,"date":"2019-03-15T05:26:16","date_gmt":"2019-03-15T09:26:16","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=25997"},"modified":"2019-11-15T06:28:38","modified_gmt":"2019-11-15T11:28:38","slug":"instagram-hijack-new-wave","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/instagram-hijack-new-wave\/25997\/","title":{"rendered":"Instagram accounts hijacked with fake copyright infringement notifications"},"content":{"rendered":"

Have you reached a few thousand followers on Instagram? More? Congratulations, you are insta-famous. Among other things, though, being an Instagram influencer means that it\u2019s quite possible that account thieves are after you. A new phishing scheme targeting popular accounts on Instagram is gaining momentum. Here is how it works.<\/p>\n

You\u2019ve got copyright violation notification<\/h2>\n

\u201cYour account will be permanently deleted for copyright infringement,\u201d claims an e-mail notification that looks very official. It has the usual Instagram header and logo, and the e-mail address in the From<\/em><\/em> field is extremely close to a legitimate one: In most cases it\u2019s either mail@theinstagram.team or info@theinstagram.team.<\/p>\n

The e-mail claims that you have just 24 hours (in some versions it\u2019s 48 hours) to appeal and provides a \u201cReview complaint\u201d button. If you click it, you end up on a convincing phishing page, where fraudsters put an image saying they care very much about copyright protection and offer you a link to \u201cAppeal.\u201d To make the scam look even more legitimate, they offer a long list of language choices, although it doesn\u2019t work \u2014 whatever you click, the phishing page always remains in English.<\/p>\n

\"A<\/a><\/p>\n

As soon as you click the \u201cAppeal\u201d link, you are invited to input your Instagram credentials. And that\u2019s not the end. Immediately, another message appears: \u201cWe need to verify your feedback and check if your e-mail account matches the Instagram account,\u201d it says. Click \u201cVerify My E-mail Address,\u201d and you\u2019ll see a list of e-mail providers. If you choose yours, you\u2019ll be invited to submit both your e-mail address and (surprise!) the password for your e-mail account.<\/p>\n

Then, a \u201cWe will review your feedback\u201d reply appears, but only for few seconds. After that you\u2019ll be redirected to a real Instagram\u2019s website \u2014 another simple trick that lends additional credibility to the scam.<\/p>\n

It\u2019s not the first time when Instagram influencers are targeted by scammers. The first wave of phishing was tempting users to apply for a blue \u201cVerified\u201d account badge<\/a>.<\/p>\n

How to protect your Instagram account<\/h3>\n

As soon as your data goes to the scammers, they can take over your Instagram profile and modify the information you need to recover it. From there, they can start demanding ransom to give the account back to you, or start spreading spam and all kinds of malicious content using your hijacked account \u2014 not to mention what might happen<\/a> if you give away your e-mail password to the scammers too.<\/p>\n

Some tips on how to protect your Instagram account:<\/p>\n