- An unnamed Turkish hacker group is using WhatsApp to launch a massive “Phishing attack” in India.
- A WhatsApp message saying “Your Instagram account will be taken down in the next 24 hours due to copyright infringement” is leading users to fill their account credentials.
- Once the account is hacked, there’s no way to report it to Instagram.
- Here's a first hand account of what happened on that day and what I learned from it
Before I begin narrating the whole incident, I want to ensure that the reader of this story is aware of the technical terms used in the text to follow. So, first and foremost, you should know what is a
phishing attack and how you can avoid such an attack.
What is a phishing attack?
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More A phishing attack starts with a fraudulent message, email, instant message or any other communication that is designed to lure a victim into clicking a link that’s placed very strategically in the email. The message is designed in a way so it appears to have come from a trusted sender. The victim is often lured into providing sensitive information such as login credentials, bank account details.
In this case, the users are asked to provide the Instagram password. What makes matters worse is that there is no way to report the hack to Instagram.
How did it actually happen?
I received a message from an unknown number on my Whatsapp at around 3 am. The sender had done really well to ensure that I don't doubt their identity by keeping the profile picture to be the
Instagram logo.
I was asked to click on a link sent on WhatsApp and then I was presented with a form, which already had the relevant email ID pre-filled and it asked for the password.
As soon as I filled the password and the form was submitted, an Instagram lookalike screen appeared affirming that they’ll get a response within 24 hours.
The hackers ensured a smooth user experience while filling up the form. The interface had been designed in a way so that there is never a doubt in my mind until the hack is complete.
After a few minutes, I was logged out of my account and the linked email ID was changed. There was no way for me to claim the account back. I tried searching Instagram help docs but couldn't find anything worth trying. It kept pointing to some cryptic reporting mechanism, which according to me doesn't exist.
Level 2 damage
Armed with my Instagram id and password, the hackers then moved on to taking control of my gmail too.but failed due to an additional security layer. The 2-step authentication wasn’t enabled on my Gmail until this attack.
Still, Gmail managed to block the hacker who was trying to log in from a new location and saved further damage.
However, it’s interesting to note that the link that Instagram had provided in the email to “secure the account” was going to a 404 and thus was of no help. There’s no clarity on the duration for which the link stays functional.
There’s no clear way of reporting the hack to Instagram as there’s no support email ID provided on the website and the help docs talk about some reporting mechanism that doesn’t exist.
There’s a way to report it through the app but that won’t work once the infiltrator has changed all the related information. The support ID
support@instagram.com was not working and Facebook replied saying that the ID is no longer functional and the I'm required to go to help.instagram.com to help myself.
The same hacker group attempted to get into the account again today. I received another message after I changed the number on my account.
Here's what I learned about Internet and Online data security and how can you save yourself with similar and other phishing attacks?
- Don’t click on random emails/text messages/Instant messages without verifying the identity of the sender.
- Secure your Instagram account with 2-factor authentication. It adds an additional layer of security and in most cases, a non-penetrable one.
- Look for the padlock when you visit a website to know more about the organization and to understand where the URL is safe to visit.
- Lookout and identify common phishing language Verify your account or secure your account.
See Also Hackers can use charging cables to steal your data
Next Story
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
An Ambani disruption in OTT: At just ₹1 per day, you can now enjoy ad-free content on JioCinema
In second consecutive week of decline, forex kitty drops $2.28 bn to $640.33 bn
SBI Life Q4 profit rises 4% to ₹811 crore
IMD predicts severe heatwave conditions over East, South Peninsular India for next five days
COVID lockdown-related school disruptions will continue to worsen students’ exam results into the 2030s: study
India legend Yuvraj Singh named ICC Men's T20 World Cup 2024 ambassador
