Security News New phishing attack steals your Instagram backup codes to bypass 2FA

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,592
A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account.

Two-factor authentication is a security feature that requires users to enter an additional form of verification when logging into the account. This verification is usually in the form of one-time passcodes sent via SMS text message, codes from an authentication app, or through hardware security keys.

Using 2FA helps protect your accounts if your credentials are stolen or purchased from a cybercrime marketplace, as the threat actor would need access to your mobile device or email to log into your protected account.

When configuring two-factor authentication on Instagram, the site will also provide eight-digit backup codes that can be used to regain access to accounts if you cannot verify your account using 2FA. This could happen for multiple reasons, such as switching your mobile number, losing your phone, and losing access to your email account.

However, backup codes come with some risk, as if a threat actor can steal those codes, they can hijack Instagram accounts using unrecognized devices simply by knowing the target's credentials, which can be stolen through phishing or found in unrelated data breaches.

Copyright infringement phishing messages claim the recipient has posted something that violates intellectual property protection laws, and hence, their account has been restricted.

Recipients of these messages are urged to click a button to appeal the decision, which redirects them to phishing pages where they enter their account credentials and other details.

The same theme has been used several times, including against Facebook users, and has facilitated infection chains for the LockBit ransomware and the BazaLoader malware, among others.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top