New Phishing Campaign Steals Instagram Backup Codes

Trustwave SpiderLabs has discovered a new strain of Instagram โ€œCopyright Infringementโ€ phishing emails that aim to steal the victimโ€™s Instagram backup codes by bypassing the two-factor authentication (2FA) offered on the account.

Two-factor authentication is a method of adding additional security that requires two forms of identification to access resources and data when logging into the account.

This extra layer of security is an effective way to protect your account against many security threats that steal personal information, such as phishing, brute-force attacks, credential exploitation, and more.

When configuring two-factor authentication on Instagram, the site also generates eight-digit backup codes for users as an alternative means of accessing the account, in caseย you are unable to verify your account using 2FA.

In this latest phishing attempt,ย the email message, which claims to be from Instagramโ€™s parent company, Meta, says that the recipientโ€™s Instagram account has infringed copyrights. It further urges the recipient to file an appeal within 12 hours by clicking the โ€œappeal formโ€ button in the email, or else the account will be permanently deleted.

Clicking on the button takes the recipient to a fake Meta site impersonating Meta’s central portal for violations, where they click the button โ€œGo to Confirmation Form (Confirm My Account),โ€ which then redirects them to the actual phishing website.

The phishing site, which poses as a fake Meta โ€œAppeal Centerโ€ portal, is hosted on a newly created domain.ย Once the user clicks the โ€œCONTINUEโ€ button, the recipients are requested to enter their username and password (twice).

After providing the passwords, the phishing site asks the user if two-factor authentication is enabled on the Instagram account, and, upon confirmation, it requests the 8-digit backup code.

The end result is that the threat actors have obtained all the information needed to log into the victim’s account. This stolen information can be used by cybercriminals and sold underground or used to take over the account.

โ€œTo prevent this from happening, do not share passwords or codes, and be cautious about how this data is stored. If compromised, change the password or regenerate new backup codes immediately,โ€ advises Trustwave SpiderLabs in a blog post.

Subscribe to our newsletter

To be updated with all the latest news

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post