Sophos, a security research firm, has warned of a new phishing campaign that targets Instagram users. The attack is notable because it is designed to convince the victim that their account has already been compromised. The message is dressed up as a two-factor authentication (2FA) check, but its real purpose is to harvest the user’s login credentials.

How It Works

The phishing attack starts with an email that looks like a 2FA code notification. The email implies that someone has logged in without authorization and instructs the user to enter the code to verify their identity. To ‘verify’ yourself, you are asked to enter your credentials along with the code, and that is the point at which the thieves capture them.


Sophos team said that the email would direct the user to a fake Instagram login page. They described it as a ‘much more believable’ scam than many out there. Sophos continued by saying the thieves thought this attack through, and it has the potential to trick many users. The redirect site also looks very convincing, with spelling and grammatical errors. The site also displays the green HTTS padlock – indicating that it is secure.

Tips For Not Getting Tricked

A good rule of thumb is that a website without the green padlock should not be trusted. However, as the thieves behind this campaign show, the padlock alone does not mean a site is safe; it only means the connection is encrypted. Check the URL for any inconsistencies, whether misspellings or odd names. If the domain ends in .cf, it was registered under the Central African Republic’s top-level domain, where domains are inexpensive and their use is usually an indication of a scam. Also look for bad grammar or spelling within the page itself.
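As an added example (not part of the Sophos report or of this article), the following Python checker applies the tips above to the links in a ‘verify your identity’ email: each link’s hostname is compared with Instagram’s real domain, a .cf top-level domain is flagged, and HTTPS is recorded but never counted in the site’s favour. The sample email text and the phishing hostname in it are constructed placeholders, not real indicators.

```python
import re
from urllib.parse import urlparse

# Hostnames on which Instagram actually presents its login page.
LEGIT_HOSTS = {"instagram.com", "www.instagram.com"}
# Top-level domains the article singles out as a common scam signal.
SUSPECT_TLDS = {"cf"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample of the kind of email described in the article.
# The .cf hostname is a made-up placeholder, not an observed indicator.
SAMPLE_EMAIL = """\
Someone tried to log in to your Instagram account.
Your confirmation code is 284 913. Please verify your identity here:
https://instagram.verify-account-login.cf/auth
Not you? Visit https://www.instagram.com/accounts/password/reset/ to secure your account.
"""


def extract_links(text: str) -> list[str]:
    """Return every http(s) URL found in an email body."""
    return URL_RE.findall(text)


def assess_login_link(url: str, brand: str = "instagram") -> dict:
    """Apply the article's heuristics to one link and explain any verdict."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    labels = host.split(".") if host else []
    reasons = []
    if host not in LEGIT_HOSTS:
        if brand in host:
            # The brand name appears, but not on the brand's own domain: a lookalike.
            reasons.append(f"'{brand}' appears in a host that is not the real one: {host}")
        else:
            reasons.append(f"host {host} does not belong to {brand}")
    if labels and labels[-1] in SUSPECT_TLDS:
        reasons.append(f".{labels[-1]} domains are cheap to register and commonly abused")
    # HTTPS only proves the connection is encrypted; it is reported, never trusted.
    return {
        "host": host,
        "https": parsed.scheme == "https",
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    for link in extract_links(SAMPLE_EMAIL):
        print(link, "->", assess_login_link(link))
```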

When you need to change the password on your account, go to the app or to the social media platform’s own webpage and follow its security steps from there. If the platform needs to send you a reset or verification email, it will do so only after YOU initiate the process.
