Attackers attempted to compromise 22,000 Instagram accounts belonging to employees of an unnamed national institution within the Ministry of Education. The plan was simple: the scammers intended to target users with phishing emails warning of suspicious activity from an unfamiliar device.
According to Armorblox experts, the attackers relied on a social engineering tactic: they included details of the victim's account in the email (for example, a nickname) to make the message look credible.
The email urged victims to protect their account from unauthorized login attempts as soon as possible. To that end, it pushed users to click a link that redirected them to a phishing page, where they were prompted to enter their credentials in order to “protect” the account. If a victim did so, the username and password went to the attackers, who collected the information from the fake page.
Armorblox added that the phishing emails bypassed Microsoft's built-in email protections. The attackers sent the emails from a working domain with a good reputation.
The malicious emails were meant to reach more than 22,000 victims, but Armorblox detected and stopped the attack in time, so users can rest easy: they are not in danger.