Armorblox has highlighted a credential phishing attack that targeted roughly 22,000 students attending national education institutions with a campaign that impersonated the popular social media platform Instagram. The Armorblox report detailing the threat was released earlier this month. The phishing campaign consisted of an initial email that encouraged the victims to open the message, induced a sense of urgency, and made it appear as though action needed to be taken in order to protect their accounts.
The email appeared to come from Instagram support, as the sender's name, Instagram, and email address matched Instagram's legitimate credentials. The attack was engineered to contain personal information about the recipient, such as his or her Instagram user handle. This established trust between the recipient and the sender of the email, as the message appeared to be a legitimate email communication from Instagram. Once victims clicked on a link in the email, a fake landing page opened that included Instagram branding and details. The page was designed to exfiltrate user credentials.