scorecardresearch
Follow Us:
Sunday, July 03, 2022

Instagram copyright violation scam on the rise, warns security researcher

Instagram influencers and creators often have their email ID attached to their profiles, making them more susceptible to getting scam emails highlighting copyright infringement.

By: Tech Desk | Pune |
Updated: January 20, 2022 9:54:37 am
Phishing is a trick used by scammers to trick potential victims in revealing sensitive information through fraudulent messages, and dubious login pages. (File Image)

Cybercriminals have found a new sophisticated way to target Instagram users through an email phishing scam. According to Paul Ducklin, a cyber security researcher at Sophos, cybercriminals are using fake copyright infringement notices as bait for Instagram users. This particular scam has been around for a while now, and several celebrities had fallen victim to this as we had noted in January 2021. 

Phishing is a trick used by scammers to trick potential victims into revealing sensitive information through fraudulent messages, and dubious login pages. The scammers extract sensitive information such as email, date of birth, location, and phone number through malicious links and gain full access to the victims’ accounts.

It should be noted that Instagram influencers and creators often have their email ID attached to their profiles, making them more susceptible to getting scam emails highlighting copyright infringement.

How does this scam work?

Hackers sent fake copyright notices through email and asks the victim to “prove innocence” by providing a link to object to the “complaint.”

Best of Express Premium
NITI Aayog-commissioned report which studied 3 orders by Supreme Court, 2...Premium
Tavleen Singh writes: Islamism has no place in IndiaPremium
‘The biggest problem is our dependence on imported energy, which is 4% of...Premium
A Letter From Silchar, Assam: Down a town, on a boat with a bodyPremium

The security firm highlights that Instagram users are receiving a message on their account that reads, “Hello, …We recently received a complaint about a post on your Instagram. Your post has been reported as infringing copyright. Your account will be removed if no objection is made to the copyrighted work. If you think this determination is incorrect, please fill out the objection form from the link below .”

Instagram phishing scam targeting Instagram creators and influencers. (Screenshot: Sophos)

At the bottom of the phishing email, there’s an ‘appeal’ button that leads users to a new page. The ‘appeal’ uses a shortened link, but whether you check the destination of the link in advance or click through anyway,” the resulting website doesn’t look as bogus as you might expect,” Ducklin notes.

The malicious website then asks to input your email address and your Instagram password. It then pretends that you made an error typing in your password and tells you to try again.

“It is presumably as a simple way for the crooks to discard login attempts where a user clearly just bashed out any old garbage on the keyboard to see what happened next,” the researcher noted. Then there’s a message that tells you that your appeal was submitted successfully.

Ultimately, users are tricked into providing their password that compromises their Instagram account completely. “While we hope that you’d spot an email scam of this sort right away, we have to admit that some of the copyright phishes we’ve received in recent weeks are much more believable – and better spelled, and more grammatical – than many of the examples we’ve written about before.”

How to stay safe?

Ducklin in the blog post highlights some tricks that can keep you safe from any such phishing attacks.

#Don’t click “helpful” links in emails: Learn in advance how to handle Instagram copyright complaints, so you know the procedure before you need to follow it. Do the same for the other social networks and content delivery sites you use. Don’t wait until after a complaint arrives to find out the right way to respond. If you already know the right URL to use, you never need to rely on any link in any email, whether that email is real or fake.

#Think before you click: Although the website name in this scam is somewhat believable, it’s clearly not instagram.com or facebook.com, which is almost certainly what you would expect. We hope you wouldn’t click through in the first place (see point 1), but if you do visit the site by mistake, don’t be in a hurry to go further. A few seconds to stop and double-check the site details would be time well spent.

#Use a password manager and 2FA whenever you can: Password managers help to prevent you from putting the right password into the wrong site because they can’t suggest a password for a site they’ve never seen before. And 2FA (those one-time codes you use together with a password) make things harder for the crooks because your password alone is no longer enough to give them access to your account.

#Talk to a friend you know face-to-face who’s done it before: If you are active on social media or in the blogosphere, you might as well prepare in case you ever get a copyright infringement notice for real. (We’re assuming the accusation will be false, but the complaint itself will actually exist.) If you know someone who has already gone through the genuine process once, see if they’ll tell you how it went in real life. This will make it much easier to spot fake complaints in the future.

UPSC KEY Have you seen our section dedicated to helping USPC aspirants decode daily news in the context of their exams?

📣 Join our Telegram channel (The Indian Express) for the latest news and updates

For all the latest Technology News, download Indian Express App.

  • Newsguard
  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
  • Newsguard
Advertisement
Advertisement
Advertisement
Advertisement