Instagram Users: Fake Copyright Infringement Notices

There’s a new scam targeting highly-trafficked Instagram accounts, and anyone with several thousand followers on their account — including businesses and clients — are fair game to the fraudsters. The scheme masquerades as a false claim of copyright infringement, according to Kaspersky Labs, who first noticed the new way influential and popular users are being cajoled into giving up their credentials to attackers.

How can you tell if your company or a client is in the crosshairs? The first sign of attack comes in the form of an official-looking email, seemingly from the team at Instagram.

“Your account will be permanently deleted for copyright infringement,” the email threatens. Tripwire reports in a recent article that the scam then requires action in the next 24-48 hours that involves “addressing the claim” and “verifying credentials.” This is where the user is required to type in the account’s password, which hands over the keys to the social media account to the attackers. It doesn’t end there, though — Tripwire warns that an “email verification” is required in addition to the credentials verification, where the user is asked to choose their email provider and give up the username and password for that login as well.

Kaspersky warns the false emails from Instagram are extremely similar to actual Instagram addresses. They include “mail@theinstagram.team” or “info@theinstagram.team.” Protecting your business or your clients from giving up the information in the first place is paramount — once the information is handed over, scammers can then demand ransom to return the account, spread malicious content across the page, and of course, change the information required to assert control over the account, like passwords and security questions. Tripwire encourages managers of popular Instagram accounts to enable two-factor authentication to make it significantly more difficult for attackers to gain access to the account. Kaspersky advises staying up-to-date on best practices, like avoiding suspicious links and only logging into Instagram through the official app.