Instagram and Facebook Users Beware! Don't Fall For This Sneaky Scam


Meta has been making big strides in improving security features on its social platforms. Unfortunately, threats are also evolving and becoming more clever, often shifting to manipulate users with fake links and pages. Now, Facebook and Instagram users are being warned of a new type of login scam, or phishing, that uses emails to steal information and gain access to their accounts.
Instagram and Facebook Are Targets of a New Scam
In July, it was reported that a new phishing scheme using emails has been making the rounds, targeting Instagram users. The emails look trustworthy and appear to be coming from Meta, complete with a verification code and a familiar layout. The message in the email uses a sense of urgency, alerting users that someone has been trying to access their account and that they need to verify their identity.
In one example, the email includes links like "Report this user," and clicking one opens a new email with a pre-set message. This technique is known as typosquatting in the context of email links. Once you click send, the message confirms your email address to the bad actors' servers. With your email confirmed as active, it's a perfect recipe for these attackers to perform nefarious acts.
These unwanted emails using typosquatting can easily pass email filtering systems since they don't attach links to flagged or malicious domains. Instead, they are later used as a way to confirm your email address is active, allowing the scammers to establish communication and build trust with their targets.

As discovered recently by Malwarebytes, a similar technique is now being used to target Facebook users. The email even mentions that someone has logged into your account and that you need to confirm through the buttons and links, which could be malicious. Clicking any of those buttons or links triggers the same mailto: link action as the Instagram phishing scheme, which tricks you into confirming you're a viable target.
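A check a mail administrator could run on inbound HTML bodies for the mailto: pattern described above. This is an added example, not code from Malwarebytes or this article; the function name, the allow-list parameter and every domain in the sample are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs, unquote


class _LinkCollector(HTMLParser):
    """Collect every href found on <a> tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def audit_mailto_links(html_body, trusted_domains):
    """Return one finding per mailto: link that sends mail outside trusted_domains."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        parts = urlsplit(href.strip())
        if parts.scheme != "mailto":  # urlsplit lowercases the scheme
            continue
        query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
        # Recipients can sit in the path and in to=/cc=/bcc= fields (RFC 6068).
        recipients = unquote(parts.path).split(",")
        for field in ("to", "cc", "bcc"):
            for value in query.get(field, []):
                recipients += value.split(",")
        domains = {r.rsplit("@", 1)[-1].strip().lower() for r in recipients if "@" in r}
        untrusted = sorted(d for d in domains if d not in trusted_domains)
        if untrusted:
            prefilled = sorted(k for k in query if k in ("subject", "body"))
            findings.append({"untrusted_domains": untrusted, "prefilled": prefilled})
    return findings


# Constructed sample body; all addresses and domains are placeholders.
SAMPLE_HTML = """
<p>Someone tried to log in to your account.</p>
<a href="mailto:report@rneta.example,abuse@rneta-help.example?subject=Report%20this%20user&amp;body=This%20was%20not%20me">Report this user</a>
<a href="mailto:support@meta.example">Contact support</a>
<a href="https://meta.example/help">Help center</a>
"""

if __name__ == "__main__":
    for finding in audit_mailto_links(SAMPLE_HTML, {"meta.example"}):
        print(finding)
```

A message whose buttons resolve only to mailto: recipients outside the claimed sender's domains, with a pre-filled subject or body, is worth quarantining even when no URL in it is on a blocklist.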
How to Protect Your Facebook or Instagram from Phishing Emails
Similar to other email scams and spam that bypass your mailbox's filtering system, these types of schemes can be avoided through numerous safeguards. For example, it is advisable to verify the email address of the sender and ensure that it matches the official addresses of Meta or Facebook. You can verify this by going to Meta's support page.
It is also important to avoid replying to these messages or sending emails in response to them, as most platforms don't require this for security. Additionally, it is always recommended not to give away sensitive information like your other contact numbers and accounts, bank or card details, or social security numbers, among others.
We want to hear your tips or suggestions on how to stay safe online. Share with us your answers in the comments.
Source: Malwarebytes