Home » Technology » New Phishing Method Targeting Instagram Accounts Bypasses Two-Factor Authentication

New Phishing Method Targeting Instagram Accounts Bypasses Two-Factor Authentication

Jakarta

User Instagram asked to be more alert because there is a method account theft just late phishing. This new method can even break into Instagram accounts without requiring a code two-factor authentication (2FA).

This method of stealing Instagram accounts was discovered by the cybersecurity company Trustwave. Instead of 2FA, Instagram account thieves target backup codes to take over user accounts.

So far, internet users have been taught to activate 2FA to provide an additional layer of security on their accounts. 2FA can be a one-time password sent via SMS or WhatsApp, or created by an authenticator application.

Apart from 2FA, Instagram also provides other options to secure your account, one of which is using a backup code. This eight-digit code can be used to log in to a new device if the user cannot access the selected 2FA method, for example because they have lost their cellphone.

Instagram provides five backup codes that users can use and one code can only be used once. If this code falls into the hands of cybercriminals, they can immediately take over the Instagram account without the help of 2FA.

So how can cybercriminals access the backup code? Of course, with a phishing method that is spread via email while pretending to be Meta, the parent company Instagram. The email claimed the user had violated copyright and was asked to appeal if he did not want his account deleted.

When the link to submit an appeal is clicked, the user will be greeted with a phishing page that is made to look like the official portal from Meta. After that, the user will be directed to a new page to provide their Instagram account email and password, as quoted from 9to5Mac, Saturday (23/12/2023).

After providing account credentials, users are asked if they have 2FA enabled. If the user answers ‘Yes’, cybercriminals will ask the user to enter one of five backup codes. They even explain the steps to get the backup code in the Instagram application.

So far, internet users have always been asked not to share passwords and 2FA with strangers, but there has been no similar warning about backup codes. Even though backup codes are now widely used by service providers on the internet, such as Instagram, Facebook, Gmail, Twitter/X, and many more.

If you have ever been a victim of phishing as above, immediately change your Instagram account password and create a new backup code. It’s easy, open the Instagram application, go to Settings and privacy > Account center > Password and security > Two-factor authentication > select an Instagram account > Additional methods > Backup code > Get a new code.

Watch the Video “Instagram Users Can Now Download Reels Content”

(vmp/jsn)

2023-12-23 12:45:08
#Alert #Instagram #Account #Theft #Mode

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.