A phishing campaign is targeting Instagram users with phony notifications about failed login attempts, according to researchers at Malwarebytes. Notably, the emails contain “mailto” links rather than traditional URLs, which help the phishing messages avoid being flagged by security filters.
“Instead of linking to a phishing website, which is most common with emails like this, both the ‘Report this user’ and ‘Remove your email address’ links are mailto links,” the researchers write.
“Clicking on a mailto link opens your default email program with a pre-addressed message with the subject line ‘Report this user to secure your account’ or ‘Remove your email address from this account’ for the second link. The email addresses in these links all had unsuspicious looking domains, made to look similar to legitimate ones.”
Malwarebytes offers the following advice to help users avoid falling for these scams:
- “As with regular links, scrutinize the destination of an email link. Even if the domain looks legitimate, your Instagram account isn’t secured by a shoe maker or vacation provider, or someone using a gmail address. The email address should be one that belongs to Instagram or Meta.
- Remember that legitimate companies will not ask you to mail them your account details, credentials, or other sensitive information.
- If there’s an urgency to respond to an email, take a pause before you do. This is a classic scammer trick to get you to act before you can think.
- Don’t reply if the warning looks suspicious in any way. Sending an email will tell the phishers that your email address is active, and it will be targeted even more.
- Do an online search about the email you received, in case others are posting about similar scams.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Malwarebytes has the story.
