DEV Community

Garrett / G66


Instagram Phishing Attack 2019

Personal Cyber Security Tips!

Note: This "Instagram Phishing Attack 2019" video is the extended version of a 60 second video originally posted on my Instagram. It addresses you as if you were viewing this on Instagram.

Hey, so I came back to Instagram because I realized that I was forgetting about you and you also need to know about what's going on.

How to make sure you're safe from security attacks and stuff like that.

Especially Instagram hacks, which is why I'm here today.

There's an Instagram phishing attack going around.

The Instagram Phishing Email

Here you can see the email that comes in.

Screenshot of the Instagram Phishing Attack email.
Screenshot mine but I was looking at the Sophos Naked Security website.

It's not something that's going to be on Instagram. It's going to be an email that's going to come to you and you can tell by the really poor English in this: we sorry, we your account.

It's just bad and that's really the first tip-off.

You should know when you look at something like this and it has terrible English that it's not going to be legit.

It's not ever legit.

Social Engineering Tactics Used

If you click on the button, it takes you to a copyright notice with more terrible English and it says that your account is going to be deleted in 48 hours.

Screenshot of the Instagram Phishing Attack fake Copyright Notice.
Screenshot mine but I was looking at the Sophos Naked Security website.

That deletion, in 48 hours, is important because it makes you feel a sense of emergency and a sense of immediacy.

That's a social engineering trick and also a marketing trick.

It makes you feel like you need to act now because you've put a lot of hard work into your Instagram.

You don't want it to be deleted in the next 48 hours, right? Or 24 hours, or whatever.

The Instagram Phishing Form

It asks you for some information. Your birthday, which is a little weird, but I think they just do that to sort of try to help make this feel real. They also ask for your password.

Screenshot of the Instagram Phishing Attack form.
Weird thing about that cursor...this screenshot was on my phone. Screenshot mine but I was looking at the Sophos Naked Security website.

I haven't actually looked at this in person other than these screenshots because I have not received the email but I'm assuming it asks for your username at some point, too.

When you put all this in, it's going to give you a pretty realistic-looking loading button, a loading screen, and then a copyright notice that also looks pretty legit and a positive check mark saying "hey you submitted it" and it looks legit.

It then sends you to Instagram for real. The real Instagram, where you can log in and actually look at your account.

All of this makes it seem like it's real and they do a really great job of that.

It's really easy to be caught off guard unless you pay attention to really important stuff like the spelling.

How to Protect Yourself from Instagram Phishing Attacks

Really the best way to protect yourself against this kind of stuff is to just kind of pay attention and be suspicious of anything that comes to you, especially if you didn't actually do what they're saying you did.

The terrible English is really the first major tip off.

That one was really bad and a lot of them really are.

Some of them are actually not so bad and that's tough.

A lot of people have experienced this on YouTube that are legit and they do... It's a real YouTube email that really comes from YouTube.

But of course it doesn't ask for your password.

That's another thing you should get suspicious about: if it's asking for your password, you definitely need to do a little bit of research.

The main thing is check out the URL up at the top if you're suspicious.

Just do a search on Google or whatever. "Is this a thing?"

Or you can always reach out to a website's support and say, "hey is this legit?"

Most likely they're going to be like "no that's not! Please don't do that. Also change your password now anyway!"

But you should be changing your passwords every 90 days or so anyway.

Hopefully this helps you stay safe on Instagram.

Don't do that. Don't lose your Instagram account. I want to see you here tomorrow and not a bunch of spam.
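An added example, not part of the original post: the tip-offs described above (a deletion deadline, a request for your password, and a link whose URL is not really the site's) written as Python checks. The trusted-domain list, the function names, and the sample message and links are assumptions constructed for illustration, and the wording checks are heuristics only.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as the real service.
TRUSTED_DOMAINS = ("instagram.com",)

# Patterns for the two wording tip-offs the post describes.
DEADLINE = re.compile(
    r"\b(?:in|within)\s+(?:the\s+next\s+)?\d+\s*(?:hours?|hrs?|days?)\b", re.I)
PASSWORD = re.compile(r"\bpassword\b", re.I)


def host_is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the URL's host is a trusted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def phishing_signals(body, links):
    """Return the tip-offs found in a message body and the links it contains."""
    signals = []
    if DEADLINE.search(body):
        signals.append("deadline pressure")
    if PASSWORD.search(body):
        signals.append("asks about password")
    if any(not host_is_trusted(u) for u in links):
        signals.append("link leaves trusted domain")
    return signals


# Constructed sample message and links (not taken from the real campaign).
SAMPLE_BODY = ("We sorry, your account will be deleted in 48 hours. "
               "Confirm your password.")
SAMPLE_LINKS = [
    # The real name used as a subdomain of some other site.
    "https://instagram.com.copyright-check.example/verify",
    # The real name placed before '@', so the actual host is login.example.
    "https://www.instagram.com@login.example/appeal",
]

if __name__ == "__main__":
    for url in SAMPLE_LINKS + ["https://help.instagram.com/"]:
        print(host_is_trusted(url), url)
    print(phishing_signals(SAMPLE_BODY, SAMPLE_LINKS))
```

Both sample links contain the text "instagram.com" yet fail the check, because what matters is the end of the host name, not whether the brand appears somewhere in the URL.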

Sometimes stuff pulls the wool over our eyes and gets us. Sometimes our information gets out there other ways (like through breaches). We can minimize the damage with just a few actions. Get the free 5 step guide to clean up your digital footprint.
