Sophos: Instagram Phish Poses as Copyright Infringement Warning

Along with the recent 2FA phishing lure on Instagram, Sophos has recently uncovered that cybercriminals are tapping into a common concern among Instagram users: the copyright suspension. Many users find themselves locked out of their accounts over something as simple as a repost, and it is common for Instagram to flag such a post as a copyright violation.

In a recent article, Paul Ducklin, Senior Technologist at Sophos, discusses the dangers of clicking on the ‘Copyright Objection Form’ and appealing to resolve a particular ‘dispute’, as this has become yet another phishing method used by cybercriminals. To keep users safe and secure, Sophos has published the article to advise users on ways to tackle such phishing scams on Instagram or any other platform. Ducklin explains in detail how cybercriminals get away with the scam through the use of free domain names, along with why Instagram accounts are a target.

Here are some of Ducklin’s tips for staying out of trouble:

  • Read Instagram’s official explanation from the company’s own help pages. If you know what the real deal is supposed to look like, then you’ll never fall for a fake warning like this one.
  • Check your address bar. If a web address is too long to fit cleanly into the address bar of your browser, take the trouble to scroll rightwards in the address text to find the right-hand end. Closer inspection would quickly reveal the bogus domain name here.
  • Consider using a password manager. Good password managers associate usernames and passwords with already-known login pages, so your password manager wouldn’t offer to fill in an unexpected password field on an unknown web domain – it simply wouldn’t know what account to use.
  • Never log in via email links. If you need to log in to a site such as Instagram for some official purpose, find your own way there, for example via a bookmark you created earlier, or by using the official mobile app. That way, you’ll avoid putting your real password into the wrong site.
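
The address-bar and password-manager tips rest on the same check: which domain the browser will actually connect to, and whether it is one you already have an account for. The sketch below is an added example, not code from Sophos or from Ducklin's article; the vault contents, function names and `.example` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed vault: saved domain -> username stored for it.
VAULT = {"instagram.com": "alice_photos"}

def login_host(url):
    """Return the host the browser would really connect to, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None  # malformed URL
    if parts.scheme != "https" or not parts.hostname:
        return None  # never fill credentials over plain http
    # .hostname already drops any "user@" prefix and the port.
    host = parts.hostname.rstrip(".").lower()
    try:
        # Punycode form, so look-alike Unicode letters cannot equal an ASCII name.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def account_for(url, vault=VAULT):
    """Username to offer on this page, or None if the domain is not a saved one."""
    host = login_host(url)
    if host is None:
        return None
    for domain, user in vault.items():
        # The saved domain must be the right-hand end of the host,
        # matched on a label boundary ("." + domain), not just a substring.
        if host == domain or host.endswith("." + domain):
            return user
    return None

if __name__ == "__main__":
    samples = [  # constructed URLs
        "https://www.instagram.com/accounts/login/",
        "https://www.instagram.com.copyright-appeal.example/form?id=1",
        "https://instagram.com@appeal.example/login",
        "https://instagr\u0430m.com/",  # Cyrillic "a" in place of Latin "a"
        "http://www.instagram.com/",
    ]
    for url in samples:
        print(f"{account_for(url) or 'no autofill':>14}  {ascii(url)}")
```

Only the first sample gets a username offered; in the others the real Instagram name appears somewhere in the address but is not the right-hand end of the host.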

Additional tips and more details on the nature of the scam are in this Naked Security article (at the end): Instagram Phish Poses as Copyright Infringement Warning - don’t click!
