Instagram phishing attack underway

BleepingComputer reports that thousands of Instagram users are being targeted in an ongoing phishing campaign that uses blue-badge offers as lures. Attackers commenced the campaign on July 22, with more than 1,000 phishing messages sent on July 28 and Aug. 9, a report from Vade showed. Instagram and Facebook logos were included in the phishing emails informing recipients regarding their blue badge eligibility. Individuals given the messages have been urged to click on an embedded link that would redirect to a submission form hosted on the "teamcorrectionbadges" domain in a bid to establish legitimacy. Researchers observed a three-stage form used in the attack, which separately seek for users' username, name, email, phone number, and password. Completion of the process would prompt a verification message that also includes a fake case ID, researchers added. Combatting such scams requires increased awareness of Instagram's verification program, which only grants blue badges to celebrities, brands, and notable public figures who directly apply using the official platform.