Armorblox has dived into the details of a credential phishing attack that spoofed Instagram, the global social media platform across end users and businesses for connecting and sharing updates via images, videos, and short clips, to steal credentials.
Impact: Targeting approximately 22,000 mailboxes of employees at a national institution establishment within the Education Industry.
How it works: Hackers instill trust in victims by impersonating Instagram’s support team to notify recipients of unusual account login activity. Recipients are prompted to click on the provided link to secure their account. Clicking on the link navigated to a fake login page, resembling Instagram – and socially engineered with details around a login from an unrecognized device and information specific to the recipient, such as his or her Instagram user handle – in hopes of exfiltrating sensitive user credentials.
Email security bypassed: Microsoft Exchange Email Security and Secure Email Gateway. Which is bad news if you depend on either to protect you from this sort of attack.
You can view the full report here.
Like this:
Like Loading...
Related
This entry was posted on November 17, 2022 at 9:01 am and is filed under Commentary with tags Armorblox. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Hackers Spoof Instagram for User Credentials; 22,000 Mailboxes Targeted in Phishing Campaign
Armorblox has dived into the details of a credential phishing attack that spoofed Instagram, the global social media platform across end users and businesses for connecting and sharing updates via images, videos, and short clips, to steal credentials.
Impact: Targeting approximately 22,000 mailboxes of employees at a national institution establishment within the Education Industry.
How it works: Hackers instill trust in victims by impersonating Instagram’s support team to notify recipients of unusual account login activity. Recipients are prompted to click on the provided link to secure their account. Clicking on the link navigated to a fake login page, resembling Instagram – and socially engineered with details around a login from an unrecognized device and information specific to the recipient, such as his or her Instagram user handle – in hopes of exfiltrating sensitive user credentials.
Email security bypassed: Microsoft Exchange Email Security and Secure Email Gateway. Which is bad news if you depend on either to protect you from this sort of attack.
You can view the full report here.
Share this:
Like this:
Related
This entry was posted on November 17, 2022 at 9:01 am and is filed under Commentary with tags Armorblox. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.