A new phishing campaign targeting Instagram users has been discovered. It uses several different techniques to lure victims to phishing websites and steal their Instagram two-factor backup codes.
Instagram backup codes are five eight-digit codes that users can use to log in on an unrecognized device when two-factor authentication is enabled.
This list of backup codes can be regenerated when the users log into their Instagram accounts.
According to a report by Trustwave, during the initial phase of the attack, the attackers impersonated Meta, the parent company of Instagram, and sent emails to multiple victims.
According to the threat actors' email, the Instagram account will be permanently deleted if the user fails to do so.
Users are redirected to a fake Meta website when they click the embedded button in the email.
The victims land on the fake Meta website, which appears to be hosted on Bio sites, a platform for tracking users' traffic.
The final phishing website is hosted on help-copyrightservice[.
Clicking on this button takes the user to the next step and asks for a username and password.
Once users enter their credentials, the site asks whether two-factor authentication is enabled for the account.
The final page of this website asks for the user's email address and phone number.
Threat actors appear to have continuously enhanced these websites, as the UI seems to have changed recently.
A complete report about this phishing campaign has been published, providing detailed information about the lure method, website identifications, and other information.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 21 Dec 2023 10:45:04 +0000