Losing sleep over that mail from Instagram stating that you have violated copyright by posting an image, a video or a GIF, and that you need to give an answer in a day?
Security experts warn that there is a good chance such messages are a bait to steal your credentials.
It is quite common for Instagram users to post visuals or videos on their timeline. Hackers see an opportunity here and send mails to the users, telling them that they might have violated someone’s copyright.
Fearing that they might be locked out of their social media account, even temporarily, over an unresolved argument about an image, users might fill up forms in order to prove their innocence.
“Instagram users are being targeted by a new phishing campaign that baits them into giving away their credentials using fake copyright infringement alerts,” cyber security experts at Sophos say.
“The phishing e-mails distributed as part of this campaign use fake account suspension messages. They could ask you to fill up a 'Copyright Objection Form' within 24 hours,” Paul Ducklin, Senior Technologist at Sophos, said.
Ducklin says there are authentic Instagram copyright infringement reports. “We recommend that you read Instagram’s official explanation from the company’s own help pages – if you know what the real deal is supposed to look like, then you’ll never fall for a fake warning like this one,” he says.
Do’s and don’ts
He asks users to look out for obvious errors. “In this attack, the crooks were careless with the e-mail they sent. It contains numerous grammatical and typographic errors, which are a big giveaway,” he says.
“Closer inspection would reveal that the e-mail came from a Turkish hosting company, and that the clickable button in the e-mail itself led to a bogus .CF domain, not what you might expect in the case of an Instagram page,” he says.
“Check your address bar. If a web address is too long to fit cleanly into the address bar of your browser, take the trouble to scroll rightwards in the address text to find the right-hand end. A closer inspection would quickly reveal the bogus domain name,” he points out.
People should not give in to the warnings that they receive by e-mail, he sums up.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.