Instagram scammers as busy as ever: passwords and 2FA codes at risk


We monitor a range of email addresses related to Naked Security, so we receive a regular (a word we are using here to mean “unrelenting”) supply of real-world spams and scams.

RELATED POSTS

Some of our email addresses are obviously directly associated with various Sophos-related social media accounts; others are more general business-oriented addresses; and some are just regular, consumer-style emails.

As a result, we like to think that our personal scam supply is a reliably representative sample of what the crooks are up to

… And, as you’ve probably noticed yourself, even though we see all the “old favorites” pretty much all the time, we often see bursts of one specific scam topping our personal prevalence charts.

At one point, sextortion scams were in the # 1 spot (that odious sort of message turned into a real deluge in 2019 and 2020).

Then home delivery and parcel scams went wild for a while; then we had a flurry of Docusign ripoffs.

Right now, however, our scam feed is awash with a variety of frauds targeting Instagram, Instagram, and Instagram.