A credential phishing attack reportedly targeted 22,000 students at national educational institutions with a campaign impersonating Instagram.
The information comes from security experts at Armorblox, who highlighted the new threat in an advisory on November 17, 2022.
“The subject of this email encouraged victims to open the message,” reads the technical write-up. The goal of this subject was to induce a sense of urgency in the victims, making it seem an action needed to be taken in order to prevent future harm.”
The email seemed to have come from Instagram support, with the sender’s name, Instagram, and email address matching Instagram’s real credentials.
“This targeted email attack was socially engineered, containing information specific to the recipient – like his or her Instagram user handle – in order to instill a level of trust that this email was a legitimate email communication from Instagram.”
