[ad_1]
It has been reported that an official phishing attack targeted 22,000 students in the country’s universities through a campaign that was imitated by Instagram followers.
The advice was highlighted by security experts at Armorblox in a statement released on November 17, 2022.
The spokesperson said: “The purpose of this email was to encourage the victims to open the message… The purpose of this campaign is to stir up the emotions of the victims, and that there is something that needs to be done. prevent future harm.”
Apparently, the email came from Instagram support. The sender’s name appeared to be Instagram and the email address matched the social media site’s credentials.
“This targeted email attack was created by the community and contains information about the recipient – such as their Instagram username – to make them believe that this email is a legitimate message from Instagram.”
When users clicked on a link in the email, they were taken to a fake landing page. This is a ‘Not me’ option, when clicked, users will be directed to a second fake landing page designed to obtain user credentials, including sensitive information.
Armorblox’s advisory said: “The email attack used language as a key attack signal and bypassed Microsoft’s email security controls. It passed SPF and DMARC email authentication checks,” Armorblox said. talk.
Sami Elhini, biometrics expert at Cerberus Sentinel, explained: “In this case, an email from instagramsupport.net should be viewed as suspicious because Instagram’s domain is instagram.com. If you are not sure know what to do.”
He added that verifying the origin of the email is a good start, but also needs to be checked for the region the email originated from.
Erich Kron, security consultant i KnowBe4added that being comfortable with user interfaces and being able to navigate technology does not necessarily mean that individuals are fully aware of the problems.
“In our new digital world, it’s important to stay educated to detect these types of social engineering attacks.”
This comes after warning of an increase in phishing attacks across the web.
[ad_2]
Source link