A highly convincing Instagram phishing campaign has been identified that uses warnings about attempted fraudulent logins to trick users into visiting a phishing webpage where they are required to confirm their identity by signing in to their account.
The messages include the Instagram logo with a warning that someone attempted to log in to the user’s Instagram account. The message is a virtual carbon copy of the genuine 2-factor authentication messages that are sent to users to confirm their identity when a suspicious login attempt is detected.
The messages include a 6-digit code that must be entered when logging into the account, together with an embedded “sign in” hyperlink. The user is told to log in to confirm their identity and secure their account.
The messages are well written, although there are some punctuation errors which suggest that the email may not be what it seems. These could easily be overlooked by someone worried that their account has been hacked.
Not only is the message almost identical to Instagram’s 2FA warning, but the website to which the user is directed is also a perfect clone of the genuine Instagram login page. The webpage has a valid SSL certificate, its address starts with HTTPS, and the browser displays the green padlock to confirm that the connection between the browser and the web page is secure.
The only sign that the web page is not genuine is the domain name. The scammers have chosen a free .CF – Central African Republic – domain name, which is a clear indication that the web page is a fake. However, the presence of HTTPS and a green padlock could fool many people into providing their login credentials in the mistaken belief they are on a secure website.
Many people mistakenly believe that the presence of HTTPS at the start of a website’s address and a green padlock means the website is genuine and secure. However, the green padlock only means the connection between the browser and the website is encrypted, so any sensitive information sent to the website is protected against interception in a man-in-the-middle attack. It says nothing about who operates the website or whether the content on the webpage is genuine.
HTTPS websites are often used for phishing as many people look for the green padlock to confirm that the website is secure. Unfortunately, SSL certificates are often provided for free by hosting companies and checks on site content are not conducted.
This is an important issue for businesses to cover in security awareness training. Employees should be taught the true meaning of the green padlock and told to always check the domain name carefully before disclosing any sensitive information.
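The check described above (ignore the padlock, look at the domain) can also be automated at a mail gateway or in an awareness tool. The following is an added example, not code from the original article or from TitanHQ: it extracts links from a message, reduces each hostname to its registrable domain, and reports whether that domain is the brand’s own, a lookalike that merely contains the brand name, or unrelated. The public-suffix list, the expected brand domain and the sample email are constructed for the example; the sample address is not the campaign’s real phishing domain.

```python
"""Added example: judge a login link by its registrable domain, not by HTTPS.

Assumptions (constructed for this example, not from the article):
- PUBLIC_SUFFIXES is a tiny subset of the Public Suffix List (publicsuffix.org);
  a real deployment loads the full list.
- SAMPLE_EMAIL and the .cf hostname in it are made up.
"""
import re
from urllib.parse import urlsplit

# Constructed subset of public suffixes; enough to show multi-label handling.
PUBLIC_SUFFIXES = {"com", "net", "org", "cf", "co.uk"}

# Constructed sample message in the style the article describes.
SAMPLE_EMAIL = """Someone tried to log in to your Instagram account.
Use this code to confirm it was you: 123456
Sign in to secure your account: https://instagram-secure-login.cf/accounts/login/
"""

LINK_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host: str) -> str:
    """Return the registrable part (eTLD+1) of a hostname.

    'login.instagram.com'                -> 'instagram.com'
    'instagram.com.account-verify.cf'    -> 'account-verify.cf'
    Longest matching suffix wins, so 'co.uk' is handled before 'uk' would be.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                return suffix  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    return host.lower()  # unknown suffix: treat the whole host as the domain


def classify_login_url(url: str, expected_domain: str = "instagram.com") -> str:
    """Classify a sign-in link as 'genuine', 'lookalike' or 'unrelated'.

    The scheme is deliberately ignored: HTTPS and a padlock only mean the
    connection is encrypted, which a phishing site can have just as easily.
    A 'lookalike' is any host that contains the brand name but whose
    registrable domain is not the brand's own.
    """
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = parts.hostname or ""
    if registrable_domain(host) == expected_domain:
        return "genuine"
    brand = expected_domain.split(".")[0]
    if brand in host:
        return "lookalike"
    return "unrelated"


def triage_message(text: str, expected_domain: str = "instagram.com") -> list:
    """Find every link in a message and report its transport and domain verdict.

    Each entry shows that 'https' can be True for a link whose verdict is
    'lookalike': the two properties are independent.
    """
    results = []
    for url in LINK_RE.findall(text):
        results.append({
            "url": url,
            "https": urlsplit(url).scheme == "https",
            "domain": registrable_domain(urlsplit(url).hostname or ""),
            "verdict": classify_login_url(url, expected_domain),
        })
    return results


if __name__ == "__main__":
    for entry in triage_message(SAMPLE_EMAIL):
        print(entry)
```

The verdict on the sample link is "lookalike" even though the link is HTTPS, which is exactly the gap in user intuition the article describes. Two limitations worth knowing before using this in earnest: the brand-name heuristic misses homoglyph and internationalised domains, and the abbreviated suffix list must be replaced by the full Public Suffix List or the eTLD+1 logic will misfire on registries it does not know.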
Businesses can further improve their defenses against phishing with a web filtering solution such as WebTitan. With WebTitan in place, businesses can carefully control the types of websites that their employees can visit on their work computers. WebTitan prevents users from accessing any website known to be used for phishing, malware distribution, or other malicious purposes, and it also performs real-time checks to assess the legitimacy of a website. If those checks fail, the user is presented with a block screen and will not be able to access the site.
For further information on how a web filter can improve your organization’s security posture and better protect the business from phishing attacks, contact the TitanHQ team today.