Date: 2023-12-21

A recent phishing campaign has emerged just in time for the holiday season, aiming to steal Instagram backup codes and take over user accounts. This new tactic, uncovered by Trustwave, seeks not only victims’ login credentials but also their backup codes. Backup codes are one-time-use codes that allow users (or attackers) to access their accounts when they can’t use a 2FA code.

The phishing campaign starts with an email that appears to come from Meta, the parent company of Instagram and Facebook. The email falsely claims that the recipient’s account has violated copyright laws, creating a sense of urgency and pressuring victims into taking immediate action. The email includes a link to an appeal form, which must be completed within 12 hours to prevent permanent account deletion.

While the email branding seems accurate, there are subtle signs that it is a phishing attempt, such as irregular spacing and grammar errors. Trustwave emphasizes the importance of checking the domain of any suspicious email before clicking on any links. In this case, the domain “contact-helpchannelcopyrights[.]com” does not belong to Meta.
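
The domain check described above can be automated at a mail gateway or in a triage script. The following is an added example, not code from Trustwave or Meta: the `TRUSTED` list, the sender local part and the link hosts are assumptions constructed for illustration, and only the sender domain comes from the article.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains accepted as Meta-operated; replace with your own policy list.
TRUSTED = {"meta.com", "facebook.com", "facebookmail.com", "instagram.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def refang(text):
    """Undo the defanging used in reports (e.g. example[.]com)."""
    return text.replace("[.]", ".")

def is_trusted(host):
    """Exact match or true subdomain only; substring matching would be fooled."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit(raw):
    """Return (kind, host) for every sender or link host outside TRUSTED."""
    msg = message_from_string(raw)
    findings = []
    _display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    if not is_trusted(sender_host):
        findings.append(("sender", sender_host))
    for url in URL_RE.findall(msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if not is_trusted(host):
            findings.append(("link", host))
    return findings

# Constructed sample: the sender domain is the one named in the article;
# the link hosts are placeholders, not indicators from the campaign.
SAMPLE = refang("""\
From: Meta Support <notice@contact-helpchannelcopyrights[.]com>
To: user@example.org
Subject: Copyright violation notice

Submit your appeal within 12 hours: https://appeal-form.example/start
Help centre: https://help.instagram.com/
Mirror: https://instagram.com.appeal-form.example/login
""")

if __name__ == "__main__":
    for kind, host in audit(SAMPLE):
        print(f"untrusted {kind}: {host}")
```

The `From` header is not authenticated on its own, so this check complements SPF, DKIM and DMARC results rather than replacing them.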

The malicious website, hosted on Bio Sites, a subsidiary of Squarespace, mimics the theme of the phishing email. The attackers hope that the consistent branding will deceive potential victims. On this website, victims are prompted to enter their login credentials and backup codes, granting the attackers full access to their Instagram accounts.

However, there are always tell-tale signs that can help identify phishing campaigns. It is essential to take the time to perform basic checks and not share any sensitive information, regardless of how busy we may be. Trustwave has published detailed information about this particular phishing attack on its website.

Stay vigilant and keep your online security a top priority, even during busy times like the holiday season.