A phishing campaign targeted corporate accounts since August 2021.

While ransomware has been trending for the past couple of years, it doesn’t mean scammers have stopped trying to carry out more ordinary attacks.

Researchers at Secureworks recently identified an extensive phishing campaign that targeted corporate accounts as well as individual influencers with a large number of followers.

The campaign starts with a fake Instagram message alerting a potential victim of a potential copyright infringement issue. The message is followed by shortened link behind an ‘appeal’ button. The link leads to a phishing site that mimics victims’ Instagram account.

Silhouettes of mobile users are seen next to a screen projection of the Instagram logo

Following instructions on the phishing site takes the victim to a login screen that prompts to enter Instagram accounts’ password. Unsurprisingly, scammers harvest the credentials to gain unauthorized access once the victim fills in the form.

“After gaining control of the Instagram account, the threat actors change the password and username. The modified username is a variation of ‘pharabenfarway’ followed by a number that appears to be the number of followers for the hijacked account,” reads the report.

Researchers identified numerous Instagram accounts taken over by ‘pharabenfarway.’ An analysis of the phishing sites meant to harvest victim credentials shows that the campaign started around August 2021.

Interestingly, researchers later found that the stolen accounts were sold on underground forums. One Instagram account, for example, was offered with a hefty price tag of $40,000.

Further analysis points to the campaign being operated by two threat actors named ‘Pharaben’ and ‘Farway.’ The first culprit used a phone number with a Russian country code while the second used a Turkish one.

Researchers claim that the investigation led them to think that the campaign might have originated in Turkey. In one incident, threat actors communicated using a Turkish-language version of Instagram. The page source for one of the phishing websites references a Turkish file-sharing service.

“While social media account takeover may seem insignificant, threat actors could access email accounts or other corporate resources if passwords were reused,” claim reports’ authors.

Take precaution

While it’s quite obvious why taking over a high-profile Instagram account might interest malicious actors, be it for public damage or extortion, it’s less so for accounts that wouldn’t be considered valuable.

However, one way to abuse a hacked account is by sending spam or malicious links to unsuspecting friends in your account. There’s a greater probability that someone you know will click on a link sent by you rather than an unknown account.

While it’s highly unlikely scammers will retire phishing attacks any time soon, there are ways to protect against attempts to breach your account. The first action everybody needs to take is enabling multi-factor authentication (MFA) or, at the very least, two-factor authentication (2FA).

There are strong incentives to do that, as experts claim that MFA can increase the level of security by a staggering 99%. That is likely the reason why attempts to break into my Instagram account have been unsuccessful.

Creating an account-specific strong password is equally essential. Having different passwords makes it a lot harder for malicious actors to penetrate your defenses in case of a data leak. If you’re reusing the same password for several accounts, it can take a single data leak to compromise large parts of your online presence.


More from CyberNews:

Meta introduces an AI supercomputer that could outperform all others by the end of 2022

Some online trackers know up to 80% of a user’s browsing history

The majority of ransomware attacks are targeted at the United States

Hacktivists claim to have hacked the Belarus railroad system

Mirai botnet used to steal confidential data via IoT devices

Subscribe to our newsletter