Instagram’s Self-Defense Phishing Attacks Shut Down Microsoft Email Security, Thousands | Tech Reddy

According to the complaint, 22,000 students were targeted by an official phishing attack in the country’s universities with an Instagram-based campaign.

The information comes from security experts i Armorbloxwho revealed the new threat in a directive on November 17, 2022.

“The purpose of this email was to encourage victims to open the ad,” the technical document reads. The goal of this program is to instill a sense of panic in the victims, and a sense of action to prevent future harm.”

The email looks like it’s from Instagram support, and the sender’s name, Instagramand email address that matches the Instagram credentials.

“This targeted email attack was created by the community and contains information about the recipient – such as his Instagram username – in order to maintain a level of confidence that this email is a legitimate email message from Instagram. “

When users clicked on a link in the email, a fake landing page opened, containing the Instagram logo and information about a different login attempt detected, next to a ‘Not me’ button ‘.

Upon clicking the button, victims are redirected to a second fake landing page designed to extract sensitive user credentials.

“The email attack used language as a key attack signal and bypassed native Microsoft email security controls. It passed SPF and DMARC email authentication checks,” Armorblox explained.

According to Sami Elhini, biometrics expert i Cerberus Sentinel, Verifying that the email originates from a valid domain is a good start, but you should also check for the valid domain the email originated from.

“In this case, it is necessary to check an email from instagramsupport.net which is suspicious because the domain of Instagram is instagram.com. Where it is supported by a service, it is necessary to contact support if not you know what to do,” Elhini said Security.

Erich Kron, security consultant i KnowBe4said Elhini, suggesting that being comfortable with user interfaces and being able to navigate technology does not necessarily mean that people are fully aware of the problems.

“In our new digital age, it’s important to stay educated to detect these types of social engineering attacks,” Kron said. Security.

Armorblox’s advice comes a few days after the Nigerian Instagram Influencer punishable by up to 11 years in prison for embezzling the fruits of many online activities.