Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Instagram security. Show all posts

Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection

 

A recent phishing scheme has emerged, posing as a 'copyright infringement' email to deceive Instagram users and pilfer their backup codes. These codes, integral for the recovery of accounts, are used to circumvent the two-factor authentication safeguarding users' accounts.

Two-factor authentication is a security layer demanding an extra form of verification during login. This commonly involves one-time passcodes sent via SMS, codes from authentication apps, or hardware security keys. Employing 2FA is crucial in shielding accounts in the event of compromised credentials, requiring a threat actor to access the user's mobile device or email to gain entry.

Instagram, when enabling 2FA, provides eight-digit backup codes as a fail-safe for scenarios like changing phone numbers, losing a device, or email access. However, these backup codes pose a risk if obtained by malicious actors, enabling them to seize Instagram accounts using unauthorized devices by exploiting the user's credentials, acquired through phishing or unrelated data breaches.

The phishing tactic involves sending messages alleging copyright infringement, claiming the user violated intellectual property laws, resulting in account restrictions. Users are then prompted to click a button to appeal, leading them to phishing pages where they unwittingly provide account credentials and other information.

Trustwave analysts discovered the latest iteration of this attack, where phishing emails mimic Meta, Instagram's parent company. The deceptive email warns users of copyright infringement complaints and urges them to fill out an appeal form to address the issue. Clicking on the provided button redirects the victim to a fake Meta violations portal, where they are prompted to click another button, purportedly for confirming their account.

This second click redirects to another phishing page resembling Meta's "Appeal Center" portal, prompting victims to input their username and password twice. After acquiring these details, the phishing site requests confirmation of 2FA protection and, upon affirmation, demands the 8-digit backup code.

Despite identifiable signs of fraud, such as misleading sender addresses and URLs, the convincing design and urgency of the phishing pages could still deceive a significant number of targets into divulging their account credentials and backup codes.

The importance of safeguarding backup codes is emphasized, with users advised to treat them with the same level of confidentiality as passwords. It is emphasized that there is never a legitimate reason to enter backup codes anywhere other than the official Instagram website or app, as a precaution against falling victim to such phishing campaigns.