Catches of the month: Phishing scams for September 2020

In our latest round-up of phishing scams, we look at a novel Instagram scam that targets victims through their direct messages, review the latest campaign that imitates Microsoft Office’s log-in page and discuss how even a cyber security training provider can fall for a malicious email.

Instagram ‘help centre’ scam steals your login details

Cyber criminals are targeting Instagram users via direct messages, according to cyber security researchers at Trend Micro.

The campaign has targeted thousands of popular Instagram accounts, including celebrities and small business owners.

One of the reasons it’s caught people off guard is that – unlike most Instagram-based phishing scams, which are typically emails that appear to direct users to the site – these scams are conducted on Instagram itself.

The scammers send users a direct message, claiming to be the Instagram help centre and saying that a copyright violation complaint has been filed against them and that their account is now at risk of being deleted.

The message contains a link that appears to take users to an appeal process but is instead the phishers’ trap.

Users are asked to submit their username, followed by their full name, password, email address and email password.

After the user fills in this information and clicks ‘Continue’, they are directed to the legitimate Instagram homepage – strengthening the illusion that it was a legitimate form.

Meanwhile, the scammers use the stolen information to log in to the user’s account, and unlink the associated phone number and email address.

The scammer now has complete control of the account as well as the user’s email address. They will then attempt to log in to other platforms or services using those credentials, or sell the information on the dark web.

It also enables them to view private messages or create posts on the hijacked account, which could be incredibly embarrassing for the victim.

To avoid falling for this scam, you must remember that official copyright complaints from Instagram will contain specific details about the alleged violation.

Instagram clarifies that: “If we remove content you posted because of an intellectual property report submitted through our online form, you’ll receive a notification from Instagram that may include the name and email address of the rights owner who made the report and/or other details of the report.

“If you believe the content shouldn’t have been removed, you can follow up with the rights owner directly to try to resolve the issue.”


See also:


Scammers are posing as contract partners to access company data

Researchers at Reterus are warning organisations about a phishing scam that attempts to trick people into handing over their work account details.

The scam begins with an email that asks recipients to edit a business partner contract using the file-sharing service Dotloop. This is a genuine platform used in the housing industry, and its authenticity is used by the fraudsters to gain victim’s trust.

However, this is misdirection, because when employees follow the link, they are taken to what appears to be a login page for their Microsoft account. It is in fact a duplicate set up by the fraudsters to capture victims’ login details.

Eagle-eyed employees will spot that the URL looks suspicious, but other than that, the scam is well executed and simple enough to catch people off guard.

Employee at cyber security training provider falls for phishing scam

The SANS Institute is one of the largest cyber security training providers in the world, but that doesn’t mean its staff can’t fall victim for the kind of scams that it warns other people about.

The organisation confirmed that, while reviewing its email configuration, it detected that an employee’s account had been compromised in a phishing scam.

The fraudster used their access to configure a rule that forwarded emails to the account to an external email address, and installed a malicious Office 365 add-on.

The SANS Institute didn’t provide any details about the add-on, but Bleeping Computer reports that it was likely an Office 365 Oauth app that’s used to gain and keep access to the email account for a prolonged period.

The configured rule forwarded 513 emails, which contained approximately 28,000 records of personal information for SANS members.

The good news is that the breach didn’t affect passwords or financial information, email addresses, names or phone numbers.

The SANS Institute says that those affected are being notified, and it is using the incident as an opportunity to host a webcast that will include lessons that can be taken from phishing scams such as this.

Can you spot a scam?

Make sure your staff know how to identify and avoid scam emails with our Phishing Staff Awareness E-Learning Course.

This 45-minute course uses examples like the ones above to explain how phishing emails work, what to look out for and the steps you should take to avoid falling victim.