Phishing attacks are a common way of stealing someone’s credentials without them knowing about it. In a phishing attack, the attacker sets up a look-alike copy of a website’s login page and tricks the victim into entering their credentials there, believing they are typing them into the real website.
However, this new attack is a little more involved and uses the theme of 2FA to gain access to a victim’s account. The attack was first discovered by security researchers at Sophos (via Forbes). The researchers warned that attackers are sending fake 2FA pages to make users believe there has been an unauthorized login and that they must log in to confirm their identity. The email is obviously fake, but the worrying part is how closely the page resembles the real Instagram login page. The team at Sophos said, “We don’t like to admit it but the crooks thought this one through”. What makes this even more convincing is the use of SSL: the attackers obtained an SSL certificate for the site, so it is served over HTTPS and shows the green padlock that users take as a sign they are on the real Instagram website.
The phishing page itself is a perfectly believable facsimile of the real thing, and comes complete with a valid HTTPS certificate.
A site without a padlock definitely isn’t to be trusted—but a site can’t automatically be trusted just because it has a padlock and was advertised with emails that were spelled correctly.
The Sophos team also offered a piece of sound advice for users. If you receive an email asking you to log in to a social media account, don’t follow the link in the email. Instead, sign in to the website the way you normally would and then follow the steps described in the email to resolve the issue. That way you can be sure you are not typing your credentials into a phishing site.
Additionally, always check the domain. Don’t rely on the green padlock, as anyone can obtain one. Look at the actual website address, and if it looks suspicious, it probably is. Companies like Facebook and Instagram use the .com top-level domain, so a login page on a different domain is a strong indicator of phishing. In this case the attacker used “.cf”, the country-code top-level domain of the Central African Republic. It is cheap and easy to register, which makes it attractive to attackers and a big red flag for users.
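As an added example (not from Sophos or the original article), the following Python check applies the advice above to a link taken from an email: HTTPS is recorded but never counts toward trust, and the decision rests on the registrable domain alone. The allowlist, the sample links and the two-label domain rule are constructed simplifications for illustration; a real checker would consult the Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumed allowlist: the sites the user actually intends to log in to.
TRUSTED_DOMAINS = {"instagram.com", "facebook.com"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g. 'instagram.com'.

    Simplification for this example: assumes single-label public suffixes
    such as .com or .cf. Production code should use the Public Suffix List.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_login_url(url: str, trusted=TRUSTED_DOMAINS) -> dict:
    """Classify a login link. Only the registrable domain decides trust;
    the padlock (HTTPS) is reported as information, never as a trust signal."""
    parts = urlsplit(url)
    # .hostname drops any 'user@' prefix and port, so a link such as
    # https://www.instagram.com@evil.example/ resolves to 'evil.example'.
    host = parts.hostname or ""
    domain = registrable_domain(host)
    reasons = []
    if parts.scheme != "https":
        reasons.append("no HTTPS")
    if parts.username is not None:
        reasons.append("userinfo before the host (a brand name placed before '@')")
    if domain not in trusted:
        reasons.append(f"registrable domain is {domain!r}, not a trusted domain")
        brands = {t.split(".")[0] for t in trusted}
        if any(brand in host for brand in brands):
            reasons.append("trusted brand name appears inside an untrusted host")
    return {"host": host, "domain": domain, "trusted": domain in trusted, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample links; none of these hosts is real.
    for link in (
        "https://www.instagram.com/accounts/login/",
        "https://instagram-2fa-confirm.cf/login",
        "https://www.instagram.com@evil.cf/login",
    ):
        result = check_login_url(link)
        verdict = "trusted" if result["trusted"] else "DO NOT LOG IN"
        print(f"{link}\n  -> {verdict}; {'; '.join(result['reasons']) or 'no issues'}")
```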
So, how do you protect yourself from these attacks? The simple answer is to use common sense. If you receive an unexpected email from an app, or even from Instagram or Facebook, make sure you are going to the right website. If an app really needs your attention, it will take you to the relevant place itself whether or not you follow the link in the email. When in doubt, do a little research: Who.is is a good place to check who owns a domain. Above all, remember that no one is lining up to give you a billion dollars or a thousand coins in your favourite game. Always use your common sense; if it’s too good to be true, it probably is.