A recent phishing scheme has emerged, posing as a ‘copyright infringement’ email to deceive Instagram users and pilfer their backup codes. These codes, integral for the recovery of accounts, are used to circumvent the two-factor authentication safeguarding users’ accounts.
Two-factor authentication is a security layer demanding an extra form of verification during login. This commonly involves one-time passcodes sent via SMS, codes from authentication apps, or hardware security keys. Employing 2FA is crucial in shielding accounts in the event of compromised credentials, requiring a threat actor to access the user’s mobile device or email to gain entry.
Instagram, when enabling 2FA, provides eight-digit backup codes as a fail-safe for scenarios like changing phone numbers, losing a device, or email access. However, these backup codes pose a risk if obtained by malicious actors, enabling them to seize Instagram accounts using unauthorized devices by exploiting the user’s credentials, acquired through phishing or unrelated data breaches.
The phishing tactic involves sending messages alleging copyright infringement, claiming the user violated intellectual property laws, resulting in account restrictions. Users are then prompted to click a button to appeal, leading them to phishing pages where they unwittingly provide account credentials and other information.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: