Instagram users are being targeted by a new phishing campaign that uses login attempt warnings and what looks like 2FA codes to make the scam more believable. The phishing e-mails distributed by the attackers behind this campaign use fake Instagram login alerts stating that someone attempted to log in to the target’s account, asking them to confirm their identity via a sign-in page linked within the message. The messages are designed to look as close as possible to what official messages coming from Instagram to avoid raising any suspicions before being redirected to the attackers’ phishing landing page.
Source: https://www.bleepingcomputer.com/news/security/instagram-phishing-emails-use-fake-login-warning-baits/

