Cybersecurity experts from Sophos recently discovered a new type of cyberattack which targets Instagram users. Researchers have warned that hackers use fake 2FA pages to convince users of unauthorized logins and require users to log in to confirm their identity. The content described in these emails is naturally fake, but the scary thing is that these pages are very similar to the actual Instagram login page. The Sophos team said:
“There’s no HTTPS (note the missing padlock); the domain name looks (and is) bogus; the login page doesn’t look like any webmail service I’ve ever used; and the whole thing is clearly fake.”
“Nevertheless, the phishing page itself is a perfectly believable facsimile of the real thing, and comes complete with a valid HTTPS certificate.”
The Sophos team also posted a suggestion for the user. If you receive an email that requires access to social media, please do not follow the link in the email. In addition, the Sophos team also advises users not to just see if there is a green padlock, because hackers are very easy to get. Users should pay attention to domain name information, and most companies such as Facebook and Instagram use top-level domains (.com). This can help you identify phishing sites because it will use different domains.