New Instagram phishing: scammers under the cover of Meta hunt for backup 2FA codes

Brother

Two-factor authentication doesn't help if the user doesn't recognize the threat themselves.

Researchers from Trustwave have identified another phishing campaign aimed at Instagram users. This time the scammers are after the backup two-factor authentication codes that let them take over accounts even when 2FA is enabled.

It all starts with a fake email purporting to come from Meta, the owner of Instagram. The user is told that their account has been blocked after a complaint from a rights holder alleging copyright infringement. To restore access, the recipient is asked to fill out an appeal form via the link in the message. The link in fact leads to a clone of the official Meta portal.

Next, the victim is redirected to a second phishing page disguised as an "Account Confirmation Form". Here they are asked to enter their username and password, as well as an eight-digit backup code, which is what lets the attackers get past the two-factor prompt. With these three items the attackers can log in as the victim, and once inside they can change the recovery details and seize full control of the account.

Users receive a set of backup codes when they enable two-factor authentication. They are meant for situations where the normal second factor cannot be used, for example after changing phone number or losing the device with the authenticator app.

Despite numerous signs of fraud, such as a sender address that does not belong to Meta, links that lead to look-alike domains rather than instagram.com or facebook.com, and the URLs of the phishing pages themselves, the convincing design and the manufactured sense of urgency are still enough to mislead a significant share of recipients.
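The indicators listed above (brand name in the display name but a foreign sender domain, links pointing off-brand, urgency wording) can be checked mechanically before a user ever clicks. The script below is an added example and is not Trustwave's tooling or code from the original post; the sample message it parses is constructed for illustration, and the sender and link domains in it are placeholders, not indicators from the real campaign. The allowlist of legitimate domains is an assumption you would tune to your own mail logs.

```python
"""Triage checks for a "your account was blocked, submit an appeal" email.

Added example, not code from the original post or from Trustwave.
SAMPLE_EML is a constructed message; its domains are placeholders.
"""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumption for the example: domains that legitimately send or host
# Meta/Instagram account mail. Maintain this from your own mail logs.
LEGIT_DOMAINS = {"instagram.com", "facebook.com", "facebookmail.com", "meta.com"}

# Constructed sample: the display name says "Meta", the address does not.
SAMPLE_EML = """\
From: Meta Support <support@meta-appeal-center.example>
To: victim@example.org
Subject: Your account has been restricted - copyright complaint
Content-Type: text/html; charset=utf-8

<html><body>
<p>We received a complaint from a copyright holder. Your account will be
permanently disabled in 24 hours unless you submit an appeal.</p>
<p><a href="https://meta-appeal-center.example/appeal?id=123">Appeal form</a></p>
<p><a href="https://help.instagram.com/">Help Center</a></p>
</body></html>
"""

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
URGENCY_RE = re.compile(r"\b(24 hours|permanently|immediately|within \d+ hours)\b", re.I)


def registrable(host):
    """Crude registrable-domain reduction: keep the last two labels.
    Good enough for this example; use a public-suffix library in production."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_legit(host):
    """True if the host's registrable domain is on the allowlist."""
    return registrable(host) in LEGIT_DOMAINS


def triage(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Brand impersonation: display name claims Meta/Instagram,
    #    but the mailbox domain is not one of theirs.
    name, addr = email.utils.parseaddr(msg["From"])
    sender_host = addr.rpartition("@")[2]
    if ("meta" in name.lower() or "instagram" in name.lower()) and not is_legit(sender_host):
        findings.append(
            f"sender domain {sender_host} does not match brand in display name {name!r}"
        )

    # 2. Off-brand links: every href whose host is not on the allowlist.
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    suspicious_links = [
        url for url in HREF_RE.findall(body)
        if not is_legit(urlparse(url).hostname or "")
    ]
    if suspicious_links:
        findings.append(f"{len(suspicious_links)} link(s) to non-Meta hosts: {suspicious_links}")

    # 3. Pressure wording typical of "act now or lose your account" lures.
    if URGENCY_RE.search(body):
        findings.append("urgency language present")

    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EML):
        print("-", finding)
```

The third check is deliberately weak on its own: legitimate account mail also uses deadlines. The combination of all three on one message is what should route it to a phishing queue rather than the inbox.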

It is important to understand that backup codes are intended exclusively for emergency account recovery, and each code is valid for a single login. It is never safe to type them anywhere other than the official Instagram app or website, and certainly not into a form that also asks for the password. These codes need the same secrecy as passwords.

Analyzing the attack, the researchers conclude that attackers quickly adapt their methods to new security measures, and not only on Instagram. Users who treat backup codes like passwords and verify the domain before entering any credentials remain well protected against this kind of fraud.