Attackers tried to compromise 22,000 records on Instagram, owned by employees of an unnamed national institution as part of the Ministry of Education. The plan was simple – scammers planned to attack users using phishing letters, in which there was a warning about suspicious activity from an unfamiliar device.
As the Armorblox experts say, during this attack, attackers used one of the tactics of social engineering – provided information about the accounts of the victims (for example, nickname) in the letter to cause confidence.
In the letter, the victims were invited to protect their account from unauthorized attempts to enter as soon as possible. To do this, hackers tried to force users to click on a link that redirects victims to the phishing page, where they are invited to enter their accounts in order to “protect” the account. If the victim is conducted, then her username and password go to attackers collecting information from a fake page.
A letter from attackers.
Armorblox added that the phishing letters bypassed built -in Microsoft email protection tools. To send letters, attackers used a working domain with a good reputation.
Malicious letters should have turned out to be more than 22,000 victims, but Armorblox found it in time and stopped the cyberataka, so users can sleep calmly – nothing threatens them.