Fake Instagram Message Attacks Breach Email Security

A phishing attack has targeted 22,000 students attending US national education institutions with a campaign that impersonated a popular social media platform. The attackers ran a sophisticated phishing campaign that impersonated Instagram.

The unusual aspect of the campaign is that the attackers used a valid domain in an effort to steal credentials, bypassing both Microsoft 365 and Exchange email protections in the process.

The information comes from security experts at Armorblox, who highlighted the new threat in a recent advisory notice. “Attackers targeted employees at a national institution within the Education Industry, with an email attack that spoofed the global social media brand Instagram in an attempt to steal victims’ user credentials.”

According to Armorblox, the subject of this email encouraged victims to open the message. "The goal of this subject was to induce a sense of urgency in the victims, making it seem an action needed to be taken in order to prevent future harm." 

The phishing campaign consisted of an initial email that encouraged the victims to open the message, inducing a sense of urgency in the victims and making it appear as though action needed to be taken in order to protect their accounts.

The email appeared to come from Instagram support: the sender’s name, Instagram, and the email address matched Instagram’s legitimate credentials. The attack was engineered to contain personal information about the recipient, such as his or her Instagram user handle. This established trust between the recipient and the sender, as the message appeared to be a legitimate email communication from Instagram.

Once victims clicked on a link in the email, a fake landing page opened that included Instagram branding and details. The page was designed to steal the user’s credentials.  
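Because a message sent from a valid domain can pass sender authentication, a defender can also check whether a brand-named sender and the links in the body actually belong to that brand. The sketch below is an added example, not code from Armorblox or the original article; the brand domain list, the sample message and all `.example` hosts are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the defender accepts as genuinely belonging to each brand.
BRAND_DOMAINS = {"instagram": {"instagram.com"}}

# Constructed sample: brand display name, unrelated sender domain, passing auth results.
SAMPLE = (
    'From: "Instagram" <support@mail-service.example>\n'
    "Subject: Constructed sample\n"
    "Authentication-Results: mx.example; spf=pass; dkim=pass\n"
    'Content-Type: text/html; charset="utf-8"\n'
    "\n"
    '<p>Hi @sample_handle, <a href="https://login.verify-account.example/ig">'
    "secure your account</a></p>\n"
)

class _LinkHosts(HTMLParser):
    """Collect the host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def _belongs(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatches(raw):
    """Return (kind, value) findings where a brand-named sender points off-brand."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # display name makes no claim about this brand
        sender_domain = addr.rpartition("@")[2].lower()
        if not _belongs(sender_domain, domains):
            findings.append(("sender_domain", sender_domain))
        body = msg.get_body(preferencelist=("html",))
        parser = _LinkHosts()
        parser.feed(body.get_content() if body else "")
        findings += [("link_host", h) for h in parser.hosts if not _belongs(h, domains)]
    return findings
```

The check ignores the `Authentication-Results` header on purpose: in the constructed sample SPF and DKIM both pass, and the message is still flagged on brand alignment.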

Sources: Armorblox, Dark Reading, Oodaloop, Infosecurity Magazine, ITSecurityGuru
