A new Instagram phishing campaign has been discovered, attempting to scam users of the popular social media platform by luring them with the offer of a coveted "blue badge" — official verification of the user's profile. As part of the alleged verification process, users are asked to reveal their password and other sensitive information, all of which is sent directly to the attacker.
The campaign spikes more than 1000 emails per day and has been active for several weeks. Attackers create a sense of urgency and the illusion of a limited opportunity by warning users that if they ignore the message, the submission form for the blue badge will be permanently deleted in 48 hours.
Enabling multi-factor authentication (MFA) can help minimize the risk and safeguard your account, but it's not a silver bullet. A phishing framework called EvilProxy, for instance, can be used to steal session cookies and bypass MFA for many popular services.
The Advanced Email Security pack for Acronis Cyber Protect Cloud blocks phishing emails from ever reaching users' inboxes, preventing them from revealing their credentials in such attacks.