A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed.
According to a
report published by Armorblox on Wednesday, the attack combined brand impersonation with social engineering and managed to bypass Google’s email security by using a valid domain name, eventually reaching the mailboxes of hundreds of employees.
Scam Looked Identical to Instagram
The attack began with a simple email. Disguised as an alert from Instagram’s technical support team, it indicated that the recipient’s account was under threat of deactivation. The intention, according to the report, was “to create a sense of urgency while instilling trust in the sender.”
“You have been reported for sharing fake content in your membership,” read the body of the email. “You must verify your membership. If you can’t verify within 24 hours your membership will be permanently deleted from our servers.” This message fostered a sense of urgency, to goad the unsuspecting into clicking on a malicious “account verify” link. Targets who did so ended up on a landing page, where they were asked to submit their Instagram account login information. That information would go straight to the malicious actor, of course, unbeknownst to the target themselves.
threatpost.com
