PhishLabs has discovered a phishing site targeting Instagram users:
It is not clear if the intention of the responsible miscreants is to steal photos, email credentials, or Facebook credentials. It is probably the latter given the phishing site redirects to Facebook after stealing an email address and password. However, it does seem clear that with Facebook’s announced acquisition of Instagram all over the news lately and the rise in popularity of the photo sharing service, attackers have found a new brand to abuse.
But it is important to note there is nothing really special about Instagram to cyber-thieves. This incident is part of a trend of attackers using the brand name of any well known company as part of the lure. Many other companies that do not even have a consumer online presence have been used in phishing lures in recent months. Examples include real estate agencies and fast food chains.
In the future, we anticipate that virtually all well known brands will be used in phishing campaigns for no other reason than to leverage the trust in the brand to trick the user into divulging credentials or infecting themselves with malware.
As always, Heads-Up: Stop, Think, Click (or don’t!).