New phishing attack steals your Instagram backup codes to bypass 2FA

December 20, 2023 at 02:35PM

A new phishing campaign targeting Instagram users involves fake ‘copyright infringement’ emails enticing recipients to input account details and backup codes on phishing pages. The elaborate scheme masquerades as Meta’s portal and requests sensitive information. Despite signs of fraud, the convincing approach poses a serious threat to unsuspecting victims. Users are advised to safeguard backup codes and refrain from sharing them unless necessary.

The key takeaways are:

1. A new phishing campaign is targeting Instagram users with fake ‘copyright infringement’ emails in an attempt to steal backup codes and bypass two-factor authentication.

2. Two-factor authentication (2FA) is a security feature that requires additional verification when logging into an account, usually in the form of one-time passcodes sent via SMS, codes from an authentication app, or hardware security keys.

3. The phishing emails impersonate Meta, Instagram’s parent company, and prompt users to fill out an appeal form to resolve copyright infringement complaints.

4. The phishing site tricks users into entering their username, password, and 8-digit backup code by creating a convincing design and sense of urgency.

5. It is important to keep backup codes private and stored securely, treating them with the same level of secrecy as passwords and refraining from entering them unless necessary for accessing accounts.

6. Account holders who still have access to their 2FA codes/keys should never enter their backup codes anywhere other than within the Instagram website or app.

These takeaways highlight the importance of vigilance and caution when dealing with phishing attempts and emphasize the need to safeguard backup codes and other account credentials.
