The technology company Kaspersky Lab issued a warning about a fraudulent campaign in Latin America, which passes as an Instagram message appealing to the user's fear that his account has been hacked.
Using e-mails phishing On behalf of the Social Network Security Department, scammers report an alleged change to the phone number associated with the account and encourage the victim to reverse the switch through a link.
By clicking, the user comes to a page that is actually optimized for mobile devices, prompting him to enter his Instagram credentials. By doing so, victims will transfer their information to the criminals behind this campaign.
In this way, cybercrime controls the user's account to extort it, claim an amount to recover it, or to spread malicious content, phishing, and spam.
This is particularly worrying because Instagram is not only one of the world's most popular social networks, but also the source of income for many entrepreneurs, influencers, models and celebrities.
Beware of fake websites
A survey of the company showed that during the first half of 2018 its products avoided approx. 68,000 attempts to visit pages phishing using the Instagram tag.
When you review the details of the email associated with this campaign, it can be seen that it comes from an address at [email protected] – which has nothing to do with the social network.
In addition, the link included in the email to "reverse" the changes takes the user to http: // www[.]instagramsecurityhelp[.]somee[.]com /, a domain that is also not associated with Instagram.
"The popularity of social networks and the poor online practices of users allows this type of basic attack to produce good results for cyber criminals," said Dmitry Bestuzhev, director of the research and analysis group of Kaspersky Lab Latin America.
"In this case, the attacker invested only one dollar for hosting virtual servers, allowing you to open accounts at low prices and thus launch this type of campaign effectively and anonymously," he added.
To avoid becoming a victim, Kaspersky Lab offers the following tips:
– Don't click on suspicious links. If you have questions about the link included in an email, visit the company's official website and search for the relevant information there.
– Always check the URL in the address bar of the webpage. If Instagram.com instead appears as 1stogram.com, leave it alone and avoid entering personal information on this type of page.
– Download only the official store search like Google Play for Android or the App Store for iOS.
– Do not use your login data for approval in third party services and applications.
– Use an anti-malware solution that protects your devices, identity and information from malware, phishing links, and other threats that could put your information and device at risk.