Author Topic: [Warning] Instagram Phishing attempts  (Read 175 times)
Baofeng (OP)
August 28, 2019, 06:34:02 AM
Merited by hd49728 (1)
 #1

Cyber criminals are now targeting Instagram for their phishing attempts:

This is what the fake looks like:



And this is the real one:



Visually you can't really tell the difference here, so everyone needs to be very careful, as those crooks are targeting our social media accounts because they know they can get something out of it (whether to be used as ransom or something else). Verify the URL itself and do not just trust any website just because it looks like the real one.

https://www.bleepingcomputer.com/news/security/instagram-phishing-emails-use-fake-login-warning-baits/

hd49728
August 28, 2019, 06:52:26 AM
Merited by hugeblack (1)
 #2

Basically, phishing attacks always have some common traps: fake domain addresses, links sent to the emails of curious people. Therefore, if people know all those things but still fall into those phishing traps, it is surely their fault. Nothing bad occurs if they pay attention to the site address as the very first thing when using any platform.

This attack asks for 2FA confirmation and a fake warning, but this raises a question if someone observant notices.

Furthermore, there are steps proposed by Instagram to increase an Instagram account's security. People who use Instagram, read this thread, and have not yet applied those security steps, please do so now.
Quote
• Change your password or send yourself a password reset email

• Revoke access to any suspicious third-party apps

• Turn on two-factor authentication for additional security
Source: https://www.bleepingcomputer.com/news/security/instagram-phishing-emails-use-fake-login-warning-baits/

elda34b
August 28, 2019, 07:14:38 AM
 #3

I'm quite confused as to why the URL of the phishing site is blocked. Shouldn't people know that? I mean, it's already mentioned that phishing site appearance is similar to the original site and the URL is the way to differentiate it. Why would they block it?

Also, be careful with punycode. It might trick you if you're not careful enough. And don't fall for the SSL logo trap. Any website can have its own SSL certificate.

hd49728
August 28, 2019, 07:23:03 AM
 #4

Quote
I'm quite confused as to why the URL of the phishing site is blocked. Shouldn't people know that? I mean, it's already mentioned that phishing site appearance is similar to the original site and the URL is the way to differentiate it. Why would they block it?

Also, be careful with punycode. It might trick you if you're not careful enough. And don't fall for the SSL logo trap. Any website can have its own SSL certificate.

What they mentioned is that the phishing site has .cf in its domain; not sure whether the phishing site address has punycode or not.
For punycode, it is worth reminding people to remember to clean their computer/laptop screens daily. It is better for their eyes and helps them to more easily find punycode attacks.
Quote
However, there is a small little twist: instead of displaying the instagram.com domain in the web browser's address bar, the phishers use a .CF domain (the country code top-level domain for the Central African Republic).

Lucius
August 28, 2019, 10:02:41 AM
 #5

Nothing new in the world of phishing; hackers target all social media accounts, so Instagram is no exception. Although this case does not seem too serious, they put in extra effort in the form of the false 2FA, after which the user is redirected to a fake sign-up / log-in page.

This type of fraud is only possible for those who do not pay attention to details, and what more do you need than the cf domain to realize that the page has nothing to do with the real Instagram.

The best protection is to use bookmarks: when you are 100% sure that you are on the legit site, save it to your browser's bookmarks and always access it from there, but take a few seconds and check the site address for extra security.

This site is already blocked by Chrome, and probably Firefox.


DdmrDdmr
August 28, 2019, 11:44:23 AM
 #6

<...>
I’m not sure if that is the currently circulating phishing URL, since the article stated:
Quote
<…> If we had to guess, we’d suggest that the crooks didn't get quite as believable a name as they wanted because they went for a free domain name <…>
If we search the internet, we can come across a few websites that list these phishing attempts, and there are plenty of them each day (I’ve looked through phishbank dot org, which displays images and URLs – many of which are very distant from the URL they try to impersonate, although some are nearly credible if you simply look at the name – which is not enough obviously).
jdarren
September 13, 2019, 09:55:23 PM
 #7

That is crazy!! I would never have known if you hadn't posted. I appreciate it.
Stedsm
September 13, 2019, 10:29:15 PM
 #8

OP, isn't it the punycode attack where they try to impersonate URLs and send Unicode to the address bar and make people believe that it's the original URL when most guys don't even bother to check where they are visiting?

I'm quoting a post from a different thread where crairezx20 has explained already about this case and shared a thread that shows everything about how to keep yourself safe from such attacks in Firefox through a detailed guide.

Quote
Why is the Punycode attack not listed or mentioned above?

This is one of the Electrum attacks before; even when you see the legit URL, which is electrum.org, we can't see if the site is fake or not, but if you copy and paste the URL to notepad it will show the true URL.

I know you can disable Punycode in Firefox but I don't know how for Chrome.

For safety, better use Firefox instead and disable punycode; get more info from this post here: https://bitcointalk.org/index.php?topic=5178198.0

wwzsocki
September 15, 2019, 06:14:20 PM
 #9

OP, isn't it the punycode attack where they try to impersonate URLs and send Unicode to the address bar and make people believe that it's the original URL when most guys don't even bother to check where they are visiting?...

I don't see the exact phishing link in the OP but I am sure this is in 99% a Punycode (Homograph) Phishing attack.

Here is a detailed post about Punycode Phishing attacks, which I wrote a couple of days ago: What is Punycode and how to protect yourself from Homograph Phishing attacks?.

Here is a great example of a Punycode (Homograph) Phishing attack:

Quote
The most tricky phishing website I've heard of was this one. Looks like Binance.com but there is no "n". This is a strange n with a dot at the bottom.


source

How to deal with such a phishing address? Those dots are almost unnoticeable.
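
The checks recommended in this thread (compare the exact address, and look at the punycode form that pasting into Notepad reveals) can be scripted. The following is an added example, not part of any post above: it uses Python's built-in IDNA codec, and the `TRUSTED_HOSTS` list and sample URLs are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the exact hosts the user really means to log in to.
TRUSTED_HOSTS = {"instagram.com", "www.instagram.com"}

def inspect_url(url, trusted=TRUSTED_HOSTS):
    """Return the real host behind a URL and whether it is an exact trusted match."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        # IDNA ToASCII (Python's built-in codec): the name DNS is actually asked
        # for. Labels with non-ASCII letters come out in their xn-- form.
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return {"host": host, "ascii_host": None, "non_ascii": [],
                "verdict": "invalid"}
    # Name every non-ASCII character so a lookalike letter becomes visible.
    non_ascii = [(f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
                 for c in host if ord(c) > 127]
    if ascii_host in trusted:
        verdict = "trusted"          # exact match only, never a substring match
    elif any(label.startswith("xn--") for label in ascii_host.split(".")):
        verdict = "punycode"         # internationalized name: inspect by hand
    else:
        verdict = "untrusted"
    return {"host": host, "ascii_host": ascii_host,
            "non_ascii": non_ascii, "verdict": verdict}

# Constructed sample URLs: the real site, a host that merely contains the
# brand name, and the "n with a dot below" lookalike described in the thread.
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com.security-check.example/login",
    "https://bina\u1e47ce.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        r = inspect_url(url)
        print(f"{r['verdict']:<10} {r['ascii_host']}  {r['non_ascii']}")
```

A "punycode" verdict does not by itself mean phishing, since legitimate internationalized domains exist; it means the address bar may not show the letters you think it does.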
