Crooks recently attempted to spoof the Instagram app by stealing compromised accounts belonging to 22,000 Instagram employees.
The company announced today that the attempt, carried out at an institution within the Ministry of Education, was unsuccessful. However, it did not name the institution.
Hackers have attempted to target many users of the Instagram app using tactics such as phishing emails, spoofed Instagram accounts, and even notifications telling recipients of unusual logins from unrecognized devices.
This particular email attack was socially engineered and contained information specific to the recipient, such as their account ID on the app.
The idea was to instill trust in the email and make it look like a legitimate message from the app. Remember that an unusual-login notice invites users to review the details and secure their accounts, here following a fake report of unauthorized access. The message was meant to set off alarm bells and add urgency so that victims would take notice.
The hackers try to pressure victims into clicking links that redirect them to fake landing pages created to exfiltrate login data.
The fake landing pages were designed around a “That wasn’t me” theme, with action buttons to match. Clicking one takes the victim to a second fake landing page, which prompts users to change their account information on the pretext that someone else has their login information.
Credential-phishing attacks that carry a link, like this one, are designed specifically to extract credentials and deliver them directly to the attacker. Victims also tend to fall for large-scale attacks that exploit common workflows.
In this case, the victims were told to follow steps that they believed would protect them from just such an attack.
Meanwhile, the cybersecurity firm claims that this phishing email bypassed Microsoft’s native email security checks. Additionally, the attackers used real domains to send the fake emails.
The sender ended up with a good reliability score, and no signs of infection had been discovered in the last 12 months of its existence.
The emails were destined for a staggering 22,000 mailboxes. However, Armorblox detected the attack because it involved malicious URLs.