BleepingComputer reports that thousands of Instagram users are being targeted in an ongoing phishing campaign that uses blue-badge offers as lures.
Attackers commenced the campaign on July 22, with more than 1,000 phishing messages sent on July 28 and Aug. 9, a report from Vade showed.
Instagram and Facebook logos were included in the phishing emails informing recipients regarding their blue badge eligibility. Individuals given the messages have been urged to click on an embedded link that would redirect to a submission form hosted on the "teamcorrectionbadges" domain in a bid to establish legitimacy.
Researchers observed a three-stage form used in the attack, which separately seek for users' username, name, email, phone number, and password. Completion of the process would prompt a verification message that also includes a fake case ID, researchers added. Combatting such scams requires increased awareness of Instagram's verification program, which only grants blue badges to celebrities, brands, and notable public figures who directly apply using the official platform.
SiliconAngle reports that more companies have been conducting purple team cybersecurity threat evaluations, with security penetration testing firm SpecterOps being the latest to create a collaboration between its offensive and defensive cybersecurity teams in testing and defending corporate systems.