Threat actors are targeting Instagram users with a relatively believable phishing scam that warns people about login attempts for their account and urges them to confirm their identity by entering what looks like a two-factor authentication (2FA) code on a sign-in page for which the URL has been provided.
If a user clicks on the link, they are redirected to a spoofed Instagram login page where they are asked to enter their login credentials. The website looks legitimate and uses a valid HTTPs certificate, so a “secure” padlock is displayed in from of the address bar. However, the domain name is all wrong.
Read more: Instagram Phishing Emails Use Fake Login Warning Baits