Key Points
- A new phishing scam is targeting Instagram users with fake login alerts. The emails appear to be real Meta alerts, tricking you into replying.
- Once you reply, scammers know your email is active and will try to get more personal information from you.
- The scammers are using “typosquatting” to create email addresses that look legitimate.
- To stay safe, always check for real login alerts directly in the Instagram app’s security settings, not through email links.
A new and sneaky phishing scam is targeting Instagram users with fake login alerts. Cybercriminals are sending emails that look exactly like the real ones from Meta, warning you about a login from an unfamiliar device. The goal is to make you panic and reply, revealing that your email address is active.
Here’s how it works: The email contains a six-digit verification code and a link to report the issue if the login wasn’t you. However, instead of taking you to a fake website, clicking the link opens up your default email app and creates a pre-filled reply to the scammers. Once you hit send, they know they have a live target.
This is the “long game.” The scammers will then engage you in a conversation, pretending to be from Instagram support. They might ask for your account details or other personal information to “help” you with the bogus login issue. Before you know it, you could be handing over your sensitive information.
The scammers are also using a clever trick called “typosquatting” to make their email addresses look legitimate. They register domains that are just slightly different from real ones, which can make them hard to spot.
So, what should you do? If you get an email like this, don’t click on anything. The best way to check for real login alerts is to go directly into the Instagram app and look at your security settings. There, you can see all the devices you’re logged into and log out if you see anything suspicious. If you don’t see any strange devices in the app, the email is almost certainly a fake.
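The two tells described above, a "report" link that opens a mail client rather than a web page and a sender domain that is a near-miss of a real one, can be checked mechanically by a mail filter or a help-desk triage script. The following is an added example, not code from the original report; the trusted-domain list, the edit-distance threshold of 2, and the sample message with its `lnstagram.example` domain are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains you treat as genuine; replace with your own allow-list.
TRUSTED = {"instagram.com", "facebookmail.com"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def registrable(domain):
    # Simplification: last two labels; a production check would use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def classify_sender(address):
    dom = registrable(parseaddr(address)[1].rpartition("@")[2])
    if dom in TRUSTED:
        return "trusted"
    name = dom.split(".")[0]
    if any(edit_distance(name, t.split(".")[0]) <= 2 for t in TRUSTED):
        return "lookalike"  # near-miss of a trusted name: typosquat candidate
    return "unknown"

def mailto_links(html):
    """Return href values that open a mail client instead of a web page."""
    return re.findall(r'href\s*=\s*["\'](mailto:[^"\']+)["\']', html, flags=re.I)

def triage(raw):
    # Intended for mail that claims to be an Instagram login alert.
    msg = message_from_string(raw)
    links = mailto_links(msg.get_payload())
    sender = classify_sender(msg["From"])
    return {"sender": sender, "mailto_links": links,
            "suspicious": sender != "trusted" or bool(links)}

# Constructed sample message; the domain is fictitious.
SAMPLE = """From: Instagram <security@mail.lnstagram.example>
Content-Type: text/html

<p>Your code is 000000.</p>
<a href="mailto:report@mail.lnstagram.example?subject=Not%20me">Report this login</a>
"""
print(triage(SAMPLE))
```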