Phishing remains as one of the main security risks. Specialists detail the mode of operation of a group of hackers, apparently Turkish, who have been stealing Instagram accounts using malicious emails that appear to be legitimate messages from the social network.
According to Trend Micro reports, this hacking group primarily targets Instagram accounts of celebrities, start-ups, athletes and other accounts with a considerable number of followers. The most recent break-in occurred on the account of a police officer with more than 15,000 followers.
Experts mention that, thanks to the influence a celebrity or company can have on Instagram, threat actors began paying attention to this social network, in an attempt to take control of accounts followed by tens or hundreds of thousands of users to make malicious posts, related to phishing campaigns, extortion, bank fraud, among other purposes.
Regarding the Turkish hacker group, experts say they employ a very simple strategy: it all starts by collecting login credentials exposed in previous incidents to exploit the Instagram account recovery process, deceiving the platform and taking control of the attacked account.
A frequently used trick is to send fake Instagram emails in which the user is assured that they can get the verified profile badge, leading to a phishing website where their login credentials will be extracted.
Although this scheme is effective, hackers are still trying to innovate. The phishing message is no longer sent via email, but potential victims receive it in their Instagram inbox. This message is allegedly sent by the Social Media Help Center, and mentions that the user has received a complaint about violating copyright law, so their account could be deleted. As in previous phishing campaigns, the message includes a link that redirects users to a malicious website.
This malicious site contains a form in which attacked users enter their username; It should be noted that this form accepts as valid any entry, even if entered with a non-existent username.
According to the experts, as you move to the next page, a screen will appear asking for more data, such as name, password, email address and password of that address.
After entering their credentials, users are redirected to the real Instagram login page, tricking the user into creating that they have not actually left the official page.
Hackers will also unlink the cell phone number of the original account owner to the account.
This is a risk to which any account with a good number of followers is exposed, so users should remain alert to any possible engagement attempts.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.