Social media has grown to be an effective communication tool for personal use and a necessity for official and business connections. With the increase in popularity of social platforms the risk of cyber-attacks has become inevitable. In recent years, social media cybersecurity threats have victimized millions of individuals across the globe making these digital platforms subjected to data mining scandals, data breaches, phishing campaigns and account takeover attacks leading to theft of personal data.
In a novel Instagram hacking campaign highlighted by darkreading, the threat actors sent Instagram users fraudulent emails claiming that the administrator network intends to permanently delete their account due to copyright infringement. The email utilized URL redirection tactics to deceive business users and influencers into giving up their login credentials through clicking on an embedded phishing link. These phishing links steer the users to account takeover, theft of sensitive information and a demand of ransom payment with the threat to sell privileged data on Dark Web.
The analysis by SpiderLabs discloses that the attack email deceives the social media influencers, businesses, and the average account holder by employing the instagram’s official logo and recommending that the affected users are probably executing copyright infringement. The email raises concerns by originating from an email [email protected] or [email protected] which is analogous to Instagram’s actual support email, [email protected].
Earlier this year the instagram’s parent company Meta owned Facebook was also exposed to a similar “infringement phishing” attack with emails suggesting that the users had violated community standards but the attack on instagram was deadlier, as culminated by the researcher Homer Pacag at SpiderLabs. The attack on instagram caused more devastation because it maneuvered malware creators leveraging URL redirection to steal personal information from victims using messages crafted to appear urgent. The URL redirection directly included an embedded URL in the message instead of attaching a malicious file that a user clicks to reach a phishing page. It can be difficult for most URL detection systems to identify this deceptive practice, as the intended phishing URLs are embedded mostly in the URL query parameters.
The attackers employ bogus copyright reports and step by step data harvesting to make their exploitation tactics more evasive, luring the users into credential theft. The cyber endangered landscape entails detection of Novel Phishing Tactics and technology catchup to nip the evil of cyber threats in its bud. Social media is a haven for cybercriminals and the companies should implement ahead-of-time threat detection to block potential phishing domains and cloned legitimate websites. With social media security being more important than ever the social media companies’ security teams should conduct a simulated phishing engagement on their phishing defenses to make cybersecurity awareness, prevention, and security best practices a part of their culture. A solid social media and digital media protection plan is the way forward to ensure cyber threat resilience and to boost cybersecurity defense.