Instagram users should be on the lookout for fake copyright notices that have emerged as a new way to try and phish people into handing over the credentials of their accounts. As reported by Andy Day at Fstopppers and further expanded upon by Michael Zhang at PetaPixel, Day was supposedly sent by The North Face Chile (@thenorthfacechile) a direct message on Instagram 

Instagram phishing example email

The messages received by Day stated that “Copyright Infringement ! A copyright violation has been detected in a post on your account. If you think copyright infringement is wrong, you should provide feedback. Otherwise, your account will be closed without 24 hours. You can give feedback from the link below. Thank you for your understanding. Copyright Form; https://instagramhelpnotice.com/” 

Upon clicking on the link, the recipient is brought to a page that looks like it could be an official Instagram page where walking through the steps provided the recipient is asked to enter their username which then takes them to a second page where they are asked to enter their password.

 

Once the recipient has entered their username and password, they were directed to a instagramhelpnotice.com/mailindex.php where an email address and password was requested, which appeared to be the real target of the bad actors phishing attempt.

 

As many people use the same passwords for multiple accounts, getting access to their Instagram account would enable the bad actor to see the account details, and getting additional access to an email and password would allow unfiltered access to the recipient’s email account.

While this attack has only been encountered on the Instagram app, PhishingBox has verified that the links do work on a desktop and also look fairly convincing to the untrained eye. As sending an email from the domain would be a fairly easy way to target a larger number of people outside of the Instagram Direct Message platform, this could be a test to see whether or not using the messaging and landing pages in a more widespread attack via email could occur. Making sure that employees are able to recognize attacks like this and how to avoid them can help keep your organization safe.