Cyber security researcher Paul Ducklin has recently informed users about a new technique that is being used by fraudsters, by sending fake infringement notices.
One of the most popular social media networks is Instagram. Hundreds of millions of people utilize the platform on a daily basis. However, because the platform has so many users, it attracts negative actors as well. Cybercriminals have recently developed a new means of threatening consumers. A cyber security expert recently alerted Instagram users about a new phishing scam that uses a phony copyright notice to lure users into opening dangerous links.
Instagram users are constantly posting content. While part of the stuff people share is original (i.e., it was developed and uploaded by the user), other content such as movies, reels, photographs, and memes may not be. In most circumstances, there is no infringement of copyright because the content is intended for sharing on the platform. Users may, however, get a copyright violation notification in some situations. Multiple copyright violations might result in an Instagram account being suspended. Fraudsters prey on this fear to lure users into disclosing sensitive personal information.
How does the new Instagram copyright violation scam work?
As previously noted, cyber security expert Paul Ducklin recently alerted consumers to a new fraud technique being employed by criminals. Cybercriminals are sending phony copyright infringement notifications to a huge number of users on their Instagram ID in an attempt to acquire victims’ personal information. The notice also includes a URL that consumers should utilize to verify their innocence and fight the infringement.
According to Sophos, a cyber security group, the message that users may see is “Hello, we received a complaint about a post on your Instagram account lately. Copyright infringement has been reported on your post. If no objections are raised to the copyrighted material, your account will be deleted. If you believe this decision is erroneous, please submit an objection using the link below.” Users should avoid clicking links associated to suspicious emails to prevent falling victim to cybercrime.
After that, when users click on the link provided to file a copyright infringement complaint, a malicious website appears, asking them to log in to their Instagram account using their login ID and password. When users input their passwords, however, the link informs them that the user ID and password they supplied are incorrect. The users receive a notice indicating their appeal was successfully submitted after two to three attempts. This is merely a ruse employed by scammers to obtain a user’s ID and password, which grants them access to their Instagram account.
What is a phishing link?
A phishing link is created by fraudsters, who lead you to believe you are entering your personal details on a secure website — the Instagram help centre, in this case — but the details actually go directly to him/her.
Using these details, the fraudsters can log in from your account and change the password, thereby locking you out of your own account. They can then make changes to the username and use the verified account for duping others.
In the case of this fraud, the fraudsters even ensure the page has a ‘https’ in the address bar that is usually a sign that it is a secure site.
What do the fraudsters gain by getting access to these accounts ?
Social media accounts are used by fraudsters for a variety of reasons. One of the main reasons, as previously observed, is to sell personal information on the darknet – an unindexed portion of the Internet accessible only through the TOR software.
Several sites on the darknet sell bundles of personal debit card information and passwords, which are subsequently acquired by other cyber criminals to withdraw funds.
Others are interested in obtaining access to celebrities’ social media accounts, which sell for a premium price.
With access, some scammers would ask people on the friends list for money in exchange for money.
You can see a list of International IP firms here.