Hackers and cyber criminals are now Instagram phishing to gain access to your personal details, it was revealed in the U.S. last week.
A new form of phishing shows the use of a two-factor authentication (2FA) code on Instagram; the implication is that you aren’t going to need to use a password, but instead simply to confirm that the email reached you.
In previous years, cyber crooks went straight for people’s bank account details through online scams.
Although this still remains the case, social media passwords are now of increasing interest to crooks, because the innards of your social media accounts typically give away much more about you than the crooks could find out with regular searches.
Additionally, a hacker inside your social media account can use it to trick your friends and family too, so you’re not just putting yourself at risk by losing control of the account.
Sophos is a cybersecurity firm based in Northern Ireland. Following the recent phishing findings, Paul Ducklin, a senior technologist at the company said:
"Successful phishers know three things: less is more; calm language works better than !!!SHOUTING!!!; and ripping off official content is easier than creating their own material. As a result, you can no longer rely on the obvious tell-tales of phishing from the past, such as spelling mistakes, wild promises, and unbelievable threats or messed up web pages."
"These days, don't look for reasons to disbelieve an email - look for very specific reasons to accept it instead. Most importantly, if an email wants you to go online and do something such as check your account; ignore any and all instructions in the email itself. If it's an account you actually use, you'll know how to get there already, so follow your own nose, not someone else's.”
Mr Ducklin also provided these top three tips to avoid such phishing scams:
Remember – if in doubt, don’t give it out.
Companies as well as individuals are also vulnerable to phishing attacks, and the UK National Cyber Security Centre (NCSC) reported earlier in 2019 a dramatic shift in the number of phishing attempts in which someone impersonates a member of HMRC.
Photograph (c) Sophos