
Meta Phishing Scam Targets Instagram Users

A new phishing campaign targeting Meta users aims to steal access to Instagram business accounts. The scam uses step-by-step instructions and fake chat support to trick users, and the attackers even attempt to add themselves as a trusted login method, which gives them complete control of the account.

The phishing emails accuse Instagram users of copyright violations, which is a method used to worry page owners, particularly those with large followings who are concerned about losing their accounts. Exploiting this fear, scammers trick users into handing over their login details.

How Attackers Exploit “Meta” Branding to Steal Your Instagram Credentials

The campaign starts with a fake email alert that appears to come from Instagram. In one case, the email advises that the user’s services have been suspended due to a violation of advertising regulations. It claims to be from Instagram’s customer service department and asks the recipient to click a “Check More Details” button to fix the issue.

The email is not authentic, however: it is sent from a Salesforce account (noreply@salesforce.com), not from an official Instagram support address. The attacker poses as Meta and falsely accuses the user of a copyright violation on Instagram.

Fake Instagram Email Claims Advertising Violation (Cofense)

The email scares the recipient by threatening to “permanently delete the account from our servers” if they do not take action. The user is then tricked into clicking the link and filling out an “appeal form”.

Fake Instagram Copyright Appeal Page Used in Phishing Scam

A fraudulent page that mimics an authentic Meta Business page is displayed to users who click on the link for more information. This fake page asks the user to input their name and company email in order to connect with a chat support person, warning them that their account may be suspended or terminated.

The attacker then employs two techniques to compromise the business account:

  1. Fake Tech Support Chatbot: The chatbot requests screenshots of the business account along with personal information.
  2. Setup Guide: This guide gives step-by-step instructions for adding Two-Factor Authentication (2FA) to the business account. When the user is prompted to sign in with their credentials, they are sent to a legitimate Instagram page that shows backup codes; this is how the genuine 2FA protection is bypassed.

Fake Meta Portal Scam Tricks Users into Sharing Login Details

In case the chatbot phishing attempt is unsuccessful, the attacker provides a backup instruction that mimics a do-it-yourself method to “fix” the account. Users are prompted to click the “View Account Status” button, which displays extensive instructions for doing a “System Check.”

Fake Meta Bot Scam: “Activate System Check” Trick (Cofense)

The attackers have put significant effort into making the scam appear legitimate, according to Cofense’s blog. The landing pages and emails resemble official Meta communications, and the live agent support further deepens the deception. Scammers even provide video tutorials that walk users through adding the attackers as a two-factor authentication method.

Recommendations

This phishing attempt serves as a clear reminder of the increasing threats organisations face in safeguarding their social media credentials. Always exercise caution and double-check any correspondence before responding. In fact, scammers even use live agent help to impersonate Meta’s real employees, giving users a false sense of security.

Because phishing strategies keep changing, it is important to stay alert and report any unusual activity right away. This campaign stands out from other scams because of the advanced social engineering techniques that criminals now use.

Inspect URLs carefully and verify the sender before clicking on any links. Using authentication apps such as Google Authenticator or Microsoft Authenticator can further help block unauthorised login attempts from unfamiliar locations and devices.
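As an added example (not code from the original post, Cofense or Phishing Tackle), the following Python check applies the two recommendations above to a message: it compares the brand the email claims in its display name and subject against the sending domain and the domains its links point to, as in the Salesforce-sent “Instagram” email described earlier. The Meta domain allowlist and the sample message are assumptions constructed for illustration.

```python
# Added example, not from the original post: flags an email that claims to be
# from Instagram/Meta while its sending domain or linked domains are not
# Meta-owned. The allowlist and the sample message are assumptions/constructed.
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_TERMS = ("instagram", "meta")
META_DOMAINS = {"instagram.com", "facebook.com", "meta.com", "facebookmail.com"}  # assumed allowlist

# Constructed sample modelled on the campaign: Instagram branding, Salesforce sender.
SAMPLE_EMAIL = """\
From: Instagram Customer Service <noreply@salesforce.com>
Subject: Your services have been suspended
Content-Type: text/html; charset=utf-8

<a href="https://meta-business-appeal.example.net/appeal">Check More Details</a>
"""

class LinkExtractor(HTMLParser):
    """Collects href targets of <a> tags from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)

def registered_domain(host):
    """Last two labels of a hostname, e.g. mail.instagram.com -> instagram.com."""
    parts = (host or "").lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def analyse_email(raw):
    """Return findings for a single-part RFC 5322 message (multipart not handled here)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.rpartition("@")[2])
    claims_brand = any(t in f"{display} {msg.get('Subject', '')}".lower() for t in BRAND_TERMS)
    extractor = LinkExtractor()
    extractor.feed(msg.get_payload(decode=True).decode(errors="replace"))
    link_domains = {registered_domain(urlparse(u).hostname) for u in extractor.links}
    foreign_links = sorted(link_domains - META_DOMAINS - {""})
    # Brand claim plus a non-Meta sender or non-Meta link is the impersonation signal.
    suspicious = claims_brand and (sender_domain not in META_DOMAINS or bool(foreign_links))
    return {"sender_domain": sender_domain, "claims_brand": claims_brand,
            "foreign_links": foreign_links, "suspicious": suspicious}
```

Running `analyse_email(SAMPLE_EMAIL)` reports the Salesforce sending domain and the non-Meta appeal link, which is the mismatch a recipient should look for before clicking.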

Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks.

Although technology can be helpful, it cannot spot 100% of phishing emails. Therefore, user education is important to minimising the impact of any successful attacks. Consulting with Phishing Tackle can provide valuable insights and tools to help you strengthen your defences against phishing attacks.
