Thousands lured with blue badges in an Instagram phishing attack

Instagram phishing attack

Instagram phishing attack

A new Instagram phishing campaign is underway, attempting to scam users of the popular social media platform by luring them with a blue-badge offer.

Blue badges are highly coveted as Instagram provides them to accounts it verified to be authentic, representing a public figure, celebrity, or brand.

The spear emails in the recently observed phishing campaign inform recipients that they Instagram reviewed their accounts and deemed them eligible for a blue badge.

Bored Ape Yacht Club Instagram hacked, attackers steal $2.8M worth of NFTs

Users falling for the scam are urged to fill out a form and claim their verification badge in the next 48 hours.

While the campaign shows signs of fraud, the threat actor bets on the carelessness and enthusiasm Instagram users have when faced with the opportunity to upgrade the status of their social account.

Campaign details

The new campaign was spotted by threat analysts at Vade, an AI-based email security service, who reported that the first messages to targets were sent out on July 22.

During the deployment, email distribution volumes spiked twice, once on July 28 and again on August 9, 2022, with more than 1,000 phishing messages per day.

The messages feature Instagram and Facebook logos and inform the recipient that their account is eligible for a blue badge, urging them to click on an embedded button that would take them to the relevant submission form.

The users are warned that if they ignore the message, the form will be permanently deleted in 48 hours, creating a sense of urgency and the illusion of a limited opportunity.

The phishing form is hosted on a domain named “teamcorrectionbadges”, to make it appear as if Instagram uses a separate, dedicated domain to verify users.

The phishing process on that site relies on a three-stage form, each step showing Instagram, Facebook, WhatsApp, Messenger, and Meta logos, in an attempt to create a sense of legitimacy.

The first form requests “username”, the second asks the victim to enter “name”, “email”, and “phone number”, while the third and final step requests entering the user “password”, to supposedly verify that they own the account.

Once the victim completes the process, a message informs them that their account is now verified and that the Instagram team will contact them in the next two days. A phony case ID is also presented at this final step.

How Instagram badges work

To understand how you can protect yourself from these scams, it is essential to know how Instagram’s verification program actually works.

First, the social media platform will never contact you offering a blue badge. Users can only get it by applying themselves.

Secondly, applying for verification is only possible through the official platform, never by visiting a separate domain.


Instagram phishing attack

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts