Phishing Attack Tricks Instagram Users via Fake 2-Factor Authentication

Two-factor authentication (2FA) has been a boon for users who want a simple method of strengthening the security of their online accounts. However, it’s not a foolproof method of keeping attackers away. In fact, 2FA — or at least its notifications — is being abused by cybercriminals to scam users of Instagram in hopes of obtaining the very thing the social media account owners want to protect: their user login credentials.

[READ: Machine learning-powered security technology can help stem the tide of credential phishing]

According to a blog post by Sophos, the sneaky phishing attack starts with an email notifying the potential victim that their Instagram account has experienced an unauthorized login. Included in the email is a six-digit code and an embedded link, purportedly leading to an Instagram confirmation page. The message mentions that the user will need to confirm their identity by visiting the link.

Once the link is clicked, the user is redirected to a convincing-looking fake Instagram login page. While the attackers do a good job of replicating the legitimate page, the most obvious sign that it is in fact a phishing website is the URL, which uses .cf, the internet country code top-level domain for the Central African Republic. Another telltale indicator that the page is fake is the lack of a Facebook login button. However, people who don’t use Facebook to log in to their Instagram accounts may not be familiar with the button.

An interesting aspect of the phishing website is that it uses a valid HTTPS certificate, which matches up  well with the findings that phishing websites using the HTTPS protocol have been on the rise.

The hackers can do a variety of things with the stolen credentials. They can, for example, used the credentials to access other services that use social media accounts for logging in. Threat actors can also use compromised accounts to gather intelligence on their victims, which can include personal information. They can also perform digital extortion on the owners of the accounts, which can even extend to social media users with plenty of followers.

Defending against phishing attacks

Although 2FA remains a valid and highly useful tool, users should not be complacent and rely on it alone, especially when fake 2FA notifications can be used for malicious purposes. As always, users should combine their existing security tools with best practices that can help against phishing, such as:

  • Being on the lookout for red flags. Users should always check the sender’s email to see if it matches with whom they claim to be. Furthermore, a considerable number of spelling and grammatical errors can be a sign that the email is part of a phishing attack.
  • Avoid clicking on links and downloading attachments. Cybercriminals often use file attachments and links embedded in the message body as the main entry points for gaining access to user account credentials. Users should therefore refrain from clicking on any links or downloading any attachments unless they are certain of the legitimacy of the sources.

Trend Micro solutions powered by machine learning

To bolster their security capabilities and further protect their end users, organizations can consider security products such as the Trend Micro Cloud App Security solution, which uses machine learning (ML) to help detect and block phishing attempts. If a suspected phishing email is received by an employee, it will go through sender, content, and URL reputation analysis, which is followed by an inspection of the remaining URLs using computer vision and AI to check if website components are being spoofed. The solution can also detect suspicious content in the message body and attachments, and provide sandbox malware analysis and document exploit detection.

 

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.