Cybercriminals are launching a novel attack on Instagram under the guise of ‘intellectual property’ law violations. This attack not only compromises the passwords of regular users but also targets the backup codes of users who have enabled two-factor authentication.
A team of researchers from the security firm Trustwave uncovered this cyber-attack. According to their findings, the hackers are deploying phishing tactics to steal Instagram’s backup codes.
The modus operandi involves:
- The hackers.
- Posing as Instagram’s parent company Meta.
- Sending counterfeit emails to users.
These emails contain a link to the purportedly from Meta’s Copyright Team.
Users are prompted to click the link to keep their account active and are directed to an ‘appeal form’. They are asked to input their Instagram account name and password.
Once the users enter this information, it falls into the hands of the hackers. If a user has activated the two-factor authentication feature on Instagram, the hackers coerce them into providing the backup code number.
TrustWave warned, “When we Look back at the redirection chain we can see the phishers using yet another free web provider, Bio Sites, to host initial phishing content that directs users elsewhere. As always, users need to be extra vigilant when clicking on links, especially because a website from this kind of platform is expected to host external links.”
With this information, the hackers can swiftly seize control of the Instagram account. Instagram’s two-factor authentication requires a new code each time a user logs in from an unfamiliar browser or mobile phone. This code is dispatched to the user’s mobile via SMS or email, ensuring the account’s safety even if the phone or password is compromised.
However, in this new wave of cyber-attacks, hackers are gathering passwords and two-factor security codes. Essentially, they bypass Instagram’s two-factor security strategy and gain control over users’ accounts.