From past few days, several celebrities and verified media accounts have been receiving a direct message on Instagram informing that copyright infringement has been detected in their photos/ videos. The Instagram ID through which the actors get the DM is from a verified account. People mistake it to be real and fall prey for this phishing scam.
What is a phishing scam?
DMs sent on Instagram and now Twitter as well claiming copyright infringement is a phishing attack. Beware of these phishing attempts by fake verified Instagram accounts. These scamsters can access and hack your information.
Urmila Matondkar falls for the phishing scam - Instagram account hacked.
Unfortunately, this is exactly what happened with Urmila Matondkar on Wednesday. Actor-politician Urmila Matondkar on Wednesday said her Instagram account has been hacked.
Ms Matondkar took to Twitter to report that her Instagram profile was compromised after she responded to a direct message (DM) on the photo-video sharing app.
"My Instagram account has been hacked @instagram. First, they DM you and ask to follow a few steps and verify the account and then it gets hacked. Really!? #NotDone," the 46-year-old actor wrote on the microblogging site.
Posts from Ms Matondkar's Instagram account were wiped out, with the display name changed to "Instagram Support."
Urmila has filed an FIR with Maharashtra Cyber, the state police's cyber wing.
Matondkar has filed a First Information Report (FIR) with Maharashtra Cyber about the account hack, adding women must not take "cyber crimes" lightly.
"Cybercrimes" is not something that women should take lightly.. as I went to file FIR on my @instagram ac hacking met this dynamic DCP #cybercrime @MumbaiPolice Smt. Rashmi Karandikar who enlightened me a lot more on the issue. Will surely be working on it in future. @MahaCyber1," she said.
“Cyber crimes” is not something that women should take lightly..as I went to file FIR on my @instagram ac hacking met this dynamic DCP #cybercrime @MumbaiPolice Smt. Rashmi Karandikar who enlightened me lot more on the issue. Will surely be working on it in future. @MahaCyber1 pic.twitter.com/0cSKaoeONX— Urmila Matondkar (@UrmilaMatondkar) December 16, 2020
What is 'fake 'copyright infringement on Instagram?
Do not entertain this message [Avoid]
Instagram | Copyright Infringement Center
Hello Instagram User,
We have received many complaints about your account for a long time.
We wanted to inform you about this. Before you delete your account, some of the posts you posted are against our community guidelines.
If you think the copyright infringement statement is false, you must provide feedback.
Otherwise, your account will be permanently deleted from the platform within 72 hours.
Copyright Appeal Form:
Don't forget to contact us after confirming your account. Make sure you fill in the information correctly.
Thank you for your understanding.
© Instagram. Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025
Stop and think before you click the link.
Clicking the button of 'Copyright Objection Form' redirects the user to a fake Instagram page. Moreover, the page's URL doesn't end in '.com' but in '.cf' or ml, which adds to the illusion that the domain is an Instagram one on the mobile web browser.
The page seeks to appear legitimate and official by using an SSL certificate, represented by 'HTTPS' in the address bar and green padlocks. If the users click through, they would then be asked to give their email ID, date of birth, and Instagram password.
After obtaining all the private information of the users, the phishing page redirects them to the official Instagram login page for maintaining the illusion that the copyright objection form was authentic. If the Instagram users fall for this trick, the hackers can take control of their accounts undisturbed.
Know more about copyright infringement
A new phishing scam is targeting most of the Instagram users by accusing them of Copyright Infringement and obtaining their credentials. It baits the users into giving away their login details using bogus copyright infringement alerts.
The attack begins with a phishing email distributed as a part of this fake campaign that claims a user's account will be suspended in 24 hours for violating Instagram's Copyright Law. It triggers the users with a copyright notice and the users who wish to refute the claim can do so by clicking on the 'Copyright Objection Form' button embedded in the same email.
How can you safeguard your account?
As a matter of fact that yes; some of the Instagram users are bound to fall for such kind of scams. If you have got either your account hacked or credentials stolen but can still access the account, you first need to check whether your correct email ID and mobile number are still associated with your account or not. For doing so, click on 'Edit Profile' option and scroll down to view the current mobile number and email ID.
If the attackers have changed the info, try to enter your details. After this, you should change your password as well, which would automatically log off all devices currently logged into your account, and give you the full control of your account. In case you lose complete access to your account, you can report the incident to Instagram's security and wait for Instagram to confirm your identity with either your mobile number or email ID using which you had signed up.
Such scams are yet another reminder for all the users to read the emails carefully and further inspect the URLs of all the links. They should also enable two-factor authentication on their social media accounts for protecting their identity and private details.