Fake Instagram Message Attacks Breach Email Security

Cyber phishing attack have targeted 22,000 students attending US national education institutions with a campaign that impersonated a popular social media platform. These cyber attackers targeted students with a sophisticated phishing campaign that impersonated Instagram. 

The unusual aspect of the campaign is that they used a valid domain in an effort to steal credentials, bypassing both Microsoft 365 and Exchange email protections in the process. 

The information comes from security experts at Amorbiox, who highlighted the new threat in a recent advisory notice. “Attackers targeted employees at a national institution within the Education Industry, with an email attack that spoofed the global social media brand Instagram in an attempt to steal victims’ user credentials,”

According to Armorblox, the subject of this email encouraged victims to open the message. "The goal of this subject was to induce a sense of urgency in the victims, making it seem an action needed to be taken in order to prevent future harm." 

The phishing campaign consisted of an initial email that encouraged the victims to open the message, inducing a sense of urgency in the victims and making it appear as though action needed to be taken in order to protect their accounts.

The email appears to have come from Instagram support as the sender’s name, Instagram, and email address matched Instagram’s legitimate credentials. The attack was engineered to contain personal information about the recipient, such as his or her Instagram user handle. This established trust between the recipient and the sender of the email, as the message appeared to be legitimate email communication from Instagram. 

Once victims clicked on a link in the email, a fake landing page opened that included Instagram branding and details. The page was designed to steal the user’s credentials.  

Armorblox:    Dark Reading:     Oodaloop:      Infosecurity- Magazine:    ITSecurityGuru:    

You Might Also Read: 

Secure Your Personal Email & Social Media Accounts:
 

« Cybersecurity Risk Management In The Real World
What Should CISO’s Look Out For In 2023? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Information Risk Management (IRM)

Information Risk Management (IRM)

IRM is an international consultancy dedicated to helping organisations solve key business issues. We provide strategic cyber security advice across a wide range of sectors.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

Towergate Insurance

Towergate Insurance

Towergate Insurance is a leading UK specialist insurance broker. Business products include Cyber Liability Insurance.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

DefCamp

DefCamp

DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe.

PrivateVPN

PrivateVPN

PrivateVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

GuardSI

GuardSI

GuardSI was created to protect companies from growing threats to security such as fraud, hacking, internal theft, accidents and human mistakes that can directly affect the business.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

Cybriant

Cybriant

Cybriant Strategic Security Services provide a framework for architecting, constructing, and maintaining a secure business with policy and performance alignment.

Vulcan Cyber

Vulcan Cyber

At Vulcan, we’re modernizing the way enterprises reduce their cyber risk. From detection to resolution, we automate and orchestrate the vulnerability remediation process dynamically and at scale.

Network Utilities (NetUtils)

Network Utilities (NetUtils)

Network Utilities provide identity centric network and security solutions to organisations from Telecoms and ISPs to SMEs and large corporates.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

CryptoNext Security

CryptoNext Security

CryptoNext provides optimal end-to-end post-quantum cybersecurity remediation tools and solutions for IT/OT infrastructures & applications.

IndoSec

IndoSec

IndoSec is an annual cybersecurity summit that powers an in-person gathering of cybersecurity leaders from Indonesia’s major corporations, leading businesses and key government entities.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.