A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account.
Two-factor authentication is a security feature that requires users to enter an additional form of verification when logging into the account. This verification is usually in the form of one-time passcodes sent via SMS text message, codes from an authentication app, or through hardware security keys.
Using 2FA helps protect your accounts if your credentials are stolen or purchased from a cybercrime marketplace, as the threat actor would need access to your mobile device or email to log into your protected account.
When configuring two-factor authentication on Instagram, the site will also provide eight-digit backup codes that can be used to regain access to accounts if you cannot verify your account using 2FA. This could happen for multiple reasons, such as switching your mobile number, losing your phone, and losing access to your email account.
However, backup codes come with some risk, as if a threat actor can steal those codes, they can hijack Instagram accounts using unrecognized devices simply by knowing the target's credentials, which can be stolen through phishing or found in unrelated data breaches.
Copyright infringement phishing messages claim the recipient has posted something that violates intellectual property protection laws, and hence, their account has been restricted.
Recipients of these messages are urged to click a button to appeal the decision, which redirects them to phishing pages where they enter their account credentials and other details.
The same theme has been used several times, including
against Facebook users, and has facilitated infection chains for the
LockBit ransomware and the
BazaLoader malware, among others.
