A new phishing campaign has emerged, targeting Instagram users and attempting to steal their backup codes. The backup codes are used for two-factor authentication (2FA) on the social media platform, providing an extra layer of security for user accounts. Hackers behind the campaign aim topass 2FA gaining access to these codes.

Two-factor authentication is a widely utilized security feature that requires users to provide an additional verification method when logging into their accounts. This can include SMS passcodes, authentication app codes, or hardware security keys. By using 2FA, users add an extra barrier of protection in case their login credentials are compromised.

Instagram provides users with eight-digit backup codes in case they are unable to verify their account using 2FA. These codes can be used to regain access to their accounts if they switch their phone number, lose their device, or lose access to their email. However, these backup codes also pose a risk if they fall into the wrong hands.

In this new phishing campaign, scammers send emails pretending to be from Meta, Instagram’s parent company, claiming that the recipient’s account has violated copyright infringement laws. The email prompts the user to click on a button to appeal the decision, leading them to phishing pages where they unwittingly enter their login credentials and other personal information.

Despite the campaign showing signs of fraud, such as fake sender addresses and phishing page URLs, the convincing design and sense of urgency can still trick a significant number of targets into divulging their account credentials and backup codes.

It is crucial for Instagram users to understand that backup codes should be treated with the same level of secrecy as passwords. They should only be entered on the official Instagram website or app when necessary. It is important to remain vigilant and cautious when interacting with any email or website that requests personal information.

By staying informed and adopting safe online practices, Instagram users can protect their accounts from phishing attempts and safeguard their personal information from falling into the wrong hands.