"Hackers Using Instagram Verification Program to Steal Personal Data"

According to a new report from Vade, hackers with IP addresses in Turkey have been abusing Instagram's verification process to steal sensitive information from unsuspecting users. Victims have received phishing emails from an "ig-badges" email account with the subject line "ig bluebadge info" informing them that their Instagram profile has been reviewed and "deemed eligible" for verification. The scam emails have the Instagram and Facebook logos at the top and bottom, as well as the person's real Instagram handle, indicating that the hackers researched their target prior to the attack, according to Vade researchers. The emails contain a badge form link that leads victims to a malicious website with Instagram and Meta logos. The website requests the person's name, phone number, email address, and Instagram password, and informs victims that they will be contacted within 48 hours if everything is entered. Many people value the Instagram blue badge for the social status it conveys, which may cloud their judgment when given the chance to obtain it. Social verification is also a mysterious and misunderstood process that is only known to the social platforms that control it. As a result, victims are more likely to believe emails and websites created by malicious third parties. According to the researchers, social media sites are still among the most popular phishing lures used by hackers. Vade's data reveals that social media brands accounted for the fourth most phished URLs of any industry in the first half of 2022. In the first half of 2022, Facebook was the second most impersonated brand they tracked. This article continues to discuss hackers' use of the Instagram verification program to steal users' personal data. 

The Record reports "Hackers Using Instagram Verification Program to Steal Personal Data"