Summary
An attacker DMs creators while posing as Meta Verified support: 'we detected suspicious activity, click the link to verify or your account will be deleted'. The phishing page asks for the login and the 2FA TOTP code (a relay attack). Often hits influencers, small businesses,...
Warning signs
- Urgent pressure to click, pay or share codes immediately.
- The link or sender does not match the official organization.
- Request for card details, passwords, OTPs, wallet signatures or bank transfers.
What to do
1. The attacker DMs creators while posing as Meta Verified support: 'we detected suspicious activity, click the link to verify or your account will be deleted'.
2. Tells: 1) the DM comes from a non-verified Meta lookalike (no blue check); 2) urgency plus a threat of deletion; 3) the link is meta verify help.com etc (typosquat); 4) the site asks for the 2FA code immediately after login (the real Instagram doesn't on a familiar device).
3. DO: only manage the account via the official Instagram app; report the DMs as phishing; enable hardware-key 2FA.
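Why hardware-key 2FA counters the TOTP relay described here, as an added Python illustration that is not part of the source report: a TOTP code carries no record of the site it was typed into, while a WebAuthn-style assertion signs the origin the browser is actually on. The secrets, challenge and lookalike origin are constructed, and an HMAC stands in for the key's per-site public-key signature so that only the standard library is needed.

```python
import hashlib
import hmac
import json
import struct

def totp(seed: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    mac = hmac.new(seed, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(seed: bytes, code: str, at: float) -> bool:
    # The server receives six digits and nothing about the page they were typed into.
    return hmac.compare_digest(code, totp(seed, at))

def key_assertion(key: bytes, challenge: str, origin: str) -> dict:
    # Model of a hardware-key response; the browser, not the page, supplies `origin`.
    # Assumption: HMAC replaces the real public-key signature.
    client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True)
    sig = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "sig": sig}

def server_accepts_key(key: bytes, assertion: dict, challenge: str, origin: str) -> bool:
    expected = hmac.new(key, assertion["client_data"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(assertion["sig"], expected):
        return False
    data = json.loads(assertion["client_data"])
    return data["challenge"] == challenge and data["origin"] == origin

def compare(now: float = 1_700_000_000.0) -> dict:
    seed, key = b"constructed-totp-seed", b"constructed-key-secret"  # constructed values
    real, lookalike = "https://www.instagram.com", "https://lookalike.example"
    challenge = "constructed-challenge"
    return {
        # Same digits wherever the user types them, so the server cannot tell.
        "totp_typed_on_lookalike": server_accepts_totp(seed, totp(seed, now), now),
        "key_used_on_real_site": server_accepts_key(
            key, key_assertion(key, challenge, real), challenge, real),
        # The signed origin names the lookalike, so the real site rejects it.
        "key_used_on_lookalike": server_accepts_key(
            key, key_assertion(key, challenge, lookalike), challenge, real),
    }
```

`compare()` returns the three outcomes side by side: the TOTP check passes regardless of where the code was entered, and the key assertion passes only when the signed origin is the real site.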
Source
Meta-Adversarial-Threat-Report
Source verified by the Mythos Forensic Team
https://about.fb.com/news/category/security/
FAQ
Is the Instagram 'fan support' / verification phish that hijacks creator accounts a real scam pattern?
Yes. Treat the message, call or payment request as suspicious until an official channel confirms it.
What are the first warning signs?
Urgent pressure to click, pay or share codes immediately; the link or sender does not match the official organization; request for card details, passwords, OTPs, wallet signatures or bank transfers.
What should I do first?
The attacker DMs creators while posing as Meta Verified support: 'we detected suspicious activity, click the link to verify or your account will be deleted'. Tells: 1) the DM comes from a non-verified Meta lookalike (no blue check); 2) urgency plus a threat of deletion; 3) the link is meta verify help.com etc (typosquat); 4) the site asks for the 2FA code immediately after login (the real Instagram doesn't on a familiar device). DO: only manage the account via the official Instagram app; report the DMs as phishing; enable hardware-key 2FA.
Can LegalAudit review my case?
Yes. Start the free chat and paste in the message, link, sender or payment details.