Cybercriminals are constantly finding ways to deceive their victims. Although the trick is not very sophisticated, many victims are deceived.
According to a cybersecurity researcher from Sophos named Paul Ducklin, a new mode is currently circulating for stealing Instagram user data. Namely through copyright infringement notices or fake copyright infringement.
Reported by Indian Express, Wednesday (9/3/2022), this type of scam has actually been around for a long time. However, there are still Instagram users who have many followers who are deceived by this phishing type of scam.
Phishing is a trick used by fraudsters to trick victims into submitting their personal data. The goal is that the perpetrator can take over the victim's account with these data, such as email, date of birth, phone number, and even in the scam we received including asking for a password.
Well, the victim or potential victim is usually an account that includes an email address on their profile, making it easy for perpetrators to send emails.
So how does this scam work? The perpetrator sent an email that appeared to have been sent by Instagram and stated that the victim had violated copyright in their post. Then the victim is given the opportunity to defend himself by clicking on the link included in the email.
"We recently received a complaint posted on your Instagram account. An image of his album was reported to contain copyrighted content. If no objections are raised to the copyrighted work, we will need to remove your account. Please fill out the appeal form," so it is written in our monitored e-mail.
When clicked, the link will direct the victim to a site at guarindfmeta.org/appeal. This is definitely not the official address of the Instagram site or Meta -- Instagram's parent --.
Inside, there is a form that asks the victim to enter the name of his Instagram account. When we try, whatever the account name is entered, the next screen will state that the account has violated copyright, and ask the victim to enter other data, including the password.
Interestingly, when the form is filled in, the site will say the victim typed the password incorrectly and asked to retype it. According to Ducklin, this may be the criminal's way of ensuring that the victim doesn't just enter the password on the first try.
On the second attempt, a message will appear stating that the defense attempt has been successfully sent.
"While we hope that you will be able to spot an email scam like this firsthand, we have to admit that the copyright phishing actions we've received in the past few weeks seem more believable," added Ducklin.
So how do you avoid being fooled by this simple scam?
Think before clicking any link. Although it looks trustworthy, try to look in more detail at the various posts in the email. Especially the sender's email address, if it's not instagram.com or facebook.com, or whatever other official site is, it's most likely a scam.
Use two-stage verification. If you are tricked into handing over your password to a fraudster, they will still need the code sent to your email, mobile number, or authenticator app to log into your account.
