Scammers are using fake copyright notices to obtain login credentials from Instagram users, cybersecurity firm Kaspersky reveals. The recipients are told that their account will be suspended for copyright infringement within 24 hours. They can, however, “verify” their account if they believe it’s a mistake.
There is no denying that many people spend several hours per day on their social media accounts.
Those who gain enough status on sites such as Instagram can even make a living out of it.
When this livelihood is threatened, panic and fear can ensue. This is something scammers are well aware of and some are gladly exploiting it for their benefit.
According to cybersecurity company and anti-virus provider Kaspersky, a new phishing scheme that uses fake copyright notices is “gaining momentum.” The email campaign uses an Instagram letterhead and warns recipients that their accounts will be suspended.
“We regret to inform you that your account will be suspending because you have violated the copyright laws. Your account will be deleted within 24 hours. If you think we make a mistake please verify, to secure your account,” the email reads.
Most native speakers will spot the grammatical errors, which should sound the alarms bells. On the other hand, people who are less fluent in English, or don’t read closely, might easily be drawn to the “verify account” button which leads to a heap of trouble.
“If you click it, you end up on a convincing phishing page, where fraudsters put an image saying they care very much about copyright protection and offer you a link to ‘Appeal’,” Kaspersky writes.
People who click the appeal link will be asked to enter their Instagram credentials, which will obviously be stolen. And while the scammers are at it, victims are also asked to verify their email addresses.
“We need to verify your feedback and check if your e-mail account matches the Instagram account,” the fake notice reads. Those who proceed will be asked to choose their email provider and submit their address and password, which undoubtedly be stolen as well.
None of these phishing tricks are new and it appears that this scam has been running for a few months already. What’s interesting, however, is that copyright infringement is used as a threat to spur people into action.
With all the recent talk about upload filters and disappearing memes, people are likely to be more susceptible to fall for this scheme than an ordinary “verify your account” email. Especially if their precious social media accounts are supposedly at risk.
Many thanks to TorrentFreak for the breaking news.