CERT-RO Warns Of A New Instagram Phishing Campaign

by | September 12, 2021 | Cybersecurity News

Social media has caught the eye of bad guys, who prey on any opportunity to go phishing. A new Instagram phishing campaign targets Romanian users.

The National Cyber ​​Security Incident Response Center (CERT-RO) warns of the potentially malicious messages received on Instagram. Users can receive a link that leads to compromised sites created to spread spyware, adware, or even ransomware.

A new phishing campaign targets Instagram users.

The New Instagram Phishing Campaign Comes Right After A Similar One Targeting Facebook Users

Shortly after a phishing campaign targeted Facebook users with fake “looks like you” and “you appear in this video” type of messages, a similar attempt is circulating on Instagram these days.

These messages contain a malicious link, which the sender claims is a video or a picture in which the recipient appears. The text of the received message can be both in Romanian and in English, the National Center for Response to Cyber ​​Security Incidents (CERT-RO) noted.

Source: CERT-RO

The malicious URL does not lead to the promised clip.

“The attackers do not provide additional details and take advantage of human curiosity to make the user click. Moreover, they use a URL naming service to hide the actual site you are about to visit“, CERT-RO explained.

“In some variants, the link redirects to a phishing site, where the attackers collect the authentication data to the Facebook account of the potential victim, and in others accessing the link can lead to the installation of malicious software. For example, if you are redirected to a fraudulent login and enter your credentials, they are uploaded to an online remote server that cybercriminals have access to. They can use them directly to try to gain access to your account, from where they can extract additional data or launch other attacks, or sell them on forums dedicated to hackers.”

CERT.RO is the Romanian national cyber security and incident response team

Usually, accessing that link redirects the victim of the attack through multiple websites compromised or even designed to spread various types of cyber traps, including spyware, adware, or even ransomware.

“At the same time, the message will be sent to your contacts on social media, and friends you have in your account list will be in danger of falling into the same trap. That is why it is important, in addition to avoiding accessing links from unknown sources or unsolicited messages, to have a security solution installed on devices, with which to scan such resources that you are not sure about “, CERT- RO experts said.

Be very cautious of the messages you receive on social media. For example, if you receive a link in a private message associated with messages such as “looks like you,” “you appear in this clip,” or “it took me about 3 hours to make,” it is strongly recommended NOT to access the link provided.

If you’ve already accessed the poisoned link, CERT-RO recommends taking the following steps:

  • Immediately change your social media account password;
  • Enable 2-factor authentication;
  • Make sure that you are not logged in to the account in suspicious locations that you do not recognize, and that no third-party applications have been granted permissions on your account. Remove those applications that you consider suspicious.

Prevent Phishing Attacks With ATTACK Simulator’s Security Awareness Training

Not even social media is safe anymore from phishers. As technology and means of communication become more and more diverse and indispensable, so do phishing strategies.

A phishing attack can be extremely damaging to your business. Your employees are the most attractive targets, so you should seriously consider implementing security awareness training in your company.

To objectively assess your company’s exposure and vulnerability to phishing attacks, we strongly advise you to use our free security awareness training trial.

Our realistic phishing simulations will expose your employees to life-like hands-on fake phishing attacks.

Here’s what we put on the table:

  • Automated attack simulation – we simulate all kinds of cyberattacks: phishing, malware, ransomware, spear-phishing, identity theft, online privacy attacks, online scams etc.
  • Real-life scenarios – we evaluate users’ vulnerability to give company-related or pesonal data away using realistic web-pages.
  • User behavior analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
  • Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
  • Interactive lessons – if employees fail to recognize our traps and fall into one, they will be redirected to landing pages with quick reads on the best security practices.
  • We impersonate popular brands on our simulated phishing pages – the user will be more tempted to click on the URL or open the attachment in the email.

Choose ATTACK Simulator’s Security Awareness Training program to provide your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers.


Mediafax www.mediafax.ro/social/inselatorie-pe-instagram-la-ce-mesaj-trebuie-utilizatorii-sa-fie-atenti

CERT-RO www.facebook.com/CERT.RO/


Feature Image: Photo by Solen Feyissa on Unsplash

Instagram vector created by ibrandify – www.freepik.com

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.