April 26, 2024

A credential phishing attack campaign impersonating Instagram reportedly targeted thousands students at national educational institutions

The email seemed to have come from Instagram support, with the sender’s name, Instagram, and email address matching Instagram’s real credentials.

This targeted email attack was socially engineered, containing information specific to the recipient like his or her Instagram user handle in order to instill a level of trust that this email was a legitimate email communication from Instagram.

Advertisements

Once users clicked on a link in the email, a fake landing page opened, which included Instagram branding and details around the unusual login attempt detected, alongside a ‘This Wasn’t Me’ button. Upon clicking on the button, victims were directed to a second fake landing page designed to exfiltrate sensitive user credentials.

The email attack used language as the main attack vector and bypassed native Microsoft email security controls. It passed both SPF and DMARC email authentication checks.

Email from instagramsupport.net should be viewed as suspicious as Instagram’s domain is instagram.com.

The advisory comes from security firm Armorblox

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

GitLab April 2024 Security Advisory – CVE-2024-2434

April 26, 2024

CISA KEV Update April 2024 – Part II

April 25, 2024

ArcaneDoor Exploits Cisco ASA and FTD

April 25, 2024

Google Fixes Critical Vulnerability in Chrome -CVE-2024-4058

April 24, 2024

Red Ransomware Victimized Targus

April 23, 2024

Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111

April 22, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading