
Cybersecurity Scam of the Week – Instagram Credential Stealing Phish


Researchers found a phishing attempt targeting Instagram users that offers verification badges as an incentive to click a link and type in their credentials (username and password), which the attackers then steal. The landing page is a fake website that uses real Instagram and Facebook logos to create a sense of legitimacy.

These emails showed some classic signs of a phishing attempt: grammatical errors, typos, and a sense of urgency created by stating that the account will be deleted if you don’t respond within 48 hours.

If you fall for any type of phish that wants your credentials, or you type them on a webpage and nothing happens (meaning you don’t get logged in and see your account), you have given away your information. Regain control of these accounts by using a legitimate means of accessing the site, like a bookmarked URL, and changing your passwords. Also, do not reuse the same password for different accounts. If they stole it once, they will try it everywhere.

What has been reported to abuse@uthsc.edu this past week?

  • [Ext] Attachment Purchase Order Ref E717 – a vaguely worded phish “Dear Customer” wanting the recipient to click an attachment
  • [Ext] (no Subject line) – here is an example of a bad attempt at English – “Kindly recommend your call phone # and wait for my text massage” – yes, a massage, not a message
  • [Ext] Your product will delivered today #766R86876-FGHFDHGDGD – another attempt to get the recipient to click on an attachment to see what’s coming
  • [Ext] orders report – this one just said the signed form was attached, hoping the recipient would open it to see who signed what
  • Students Employment – from a compromised account from another UT campus, this one is offering a too good to be true job opportunity
  • [Ext] HR uthsc Employee Benefits Enrollment Eligibility – HR would not use an external email address to deliver benefit information
  • UT NEWS – this was from another compromised account, with another job offer
  • OFFICE 365 – another compromised account, this one states that O365’s password will expire in 24 hours. The sense of urgency is a classic sign of a phish.
  • [Ext] Release held messages – this one stated that you had to click on a link to see some email messages. 
  • [Ext] TASK: Friday, Sept. 2nd – the start of a gift card scam
  • [Ext] Auto renewal was done / SAKIH-39752-DLKJO – an auto-renewal scam pretending to be from the Geek Squad

Keep reporting suspicious emails to abuse@uthsc.edu for examination. If you wish to report an incident to the Office of Cybersecurity, use TechConnect.