Fake Instagram Message Attacks Breach Email Security

Cyber phishing attack have targeted 22,000 students attending US national education institutions with a campaign that impersonated a popular social media platform. These cyber attackers targeted students with a sophisticated phishing campaign that impersonated Instagram. 

The unusual aspect of the campaign is that they used a valid domain in an effort to steal credentials, bypassing both Microsoft 365 and Exchange email protections in the process. 

The information comes from security experts at Amorbiox, who highlighted the new threat in a recent advisory notice. “Attackers targeted employees at a national institution within the Education Industry, with an email attack that spoofed the global social media brand Instagram in an attempt to steal victims’ user credentials,”

According to Armorblox, the subject of this email encouraged victims to open the message. "The goal of this subject was to induce a sense of urgency in the victims, making it seem an action needed to be taken in order to prevent future harm." 

The phishing campaign consisted of an initial email that encouraged the victims to open the message, inducing a sense of urgency in the victims and making it appear as though action needed to be taken in order to protect their accounts.

The email appears to have come from Instagram support as the sender’s name, Instagram, and email address matched Instagram’s legitimate credentials. The attack was engineered to contain personal information about the recipient, such as his or her Instagram user handle. This established trust between the recipient and the sender of the email, as the message appeared to be legitimate email communication from Instagram. 

Once victims clicked on a link in the email, a fake landing page opened that included Instagram branding and details. The page was designed to steal the user’s credentials.  

Armorblox:    Dark Reading:     Oodaloop:      Infosecurity- Magazine:    ITSecurityGuru:    

You Might Also Read: 

Secure Your Personal Email & Social Media Accounts:
 

« Cybersecurity Risk Management In The Real World
What Should CISO’s Look Out For In 2023? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Montash

Montash

Montash is an award winning, global technology recruitment business, specialising in the acquisitions of high-performing talent across a number of core disciplines including Information Security.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

Northwave

Northwave

Northwave is 100% focused on providing integrated high quality information security services.

Digital Guardian

Digital Guardian

Digital Guardian is a next generation data protection platform designed to stop data theft.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

Corelight

Corelight

Corelight is the most powerful network visibility solution for information security professionals.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

BlackScore

BlackScore

BlackScore is a technology company seeking to disrupt risk assessment using AI-driven technology.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

UST

UST

UST is a global provider of digital technology and transformation, IT services and solutions including managed security services.

Xobee Networks

Xobee Networks

Xobee Networks is a Managed Service Provider of innovative, cost-effective, and cutting-edge technology solutions in California.

Dion Training Solutions

Dion Training Solutions

Dion Training Solutions offer comprehensive training in areas such as project management, cybersecurity, agile methodologies, and IT service management.

Xact IT Solutions

Xact IT Solutions

Xact IT Solutions are a certified cybersecurity firm offering cybersecurity, compliance and managed services.

UFS Technology

UFS Technology

UFS, the bank technology outfitter for community banks, provides purpose-built, bank-exclusive technology services and solutions including cybersecurity.