This Instagram Copyright Infringement Notice is a Phishing Scam

If you ever receive a direct message on Instagram informing you that copyright infringement has been detected in your photos, beware: it may actually be a cleverly disguised phishing scam.

This particular scam was first reported by Fstoppers writer Andy Day, who received a copyright infringement message that was purportedly from The North Face Chile (@thenorthfacechile).

Screenshot by Andy Day/Fstoppers.

@thenorthfacechile is a verified account with over 151,000 followers, and Google’s history shows that it previously had at least 1,098 public posts. It’s set to private now, and given that it’s sending out phishing messages, it appears that the account may have fallen victim to hackers who are now using it to scam.

“A copyright violation has been detected in a post on your account,” the message to Day stated. “If you think copyright infringement is wrong, you should provide feedback. Otherwise, your account will be closed without 24 hours.”

The message directs the recipient to visit the URL instagramhelpnotice.com to “provide feedback.” Clicking through brings you to a page that may look (upon first glance) like an official Instagram page — especially when viewed on a mobile device.

The first two steps ask you to log into your account by entering your username and then your password.

If you do provide a username and password, the next step is likely the scammer’s true target: your email address.

While Instagram accounts may not contain too much sensitive and exploitable information, many people may use the same passwords for both their Instagram and primary email accounts. Email accounts are targeted not only for the sensitive info found in their emails but also because they’re widely used for identity verification when recovering passwords for all kinds of other accounts and services.

If you provide an email address in the final step of this scam, you get redirected back to Instagram’s homepage as if nothing had happened… except your Instagram username, password, and email address are now in a scammer’s hands.

As is common in many kinds of scams, this copyright infringement scam is littered with spelling and grammar mistakes throughout the various steps, so always be on the lookout for that. And never log into any site that looks like an official page but isn’t hosted at the official domain name (which in this case would be instagram.com).
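The domain check described above can be made mechanical. The following Python sketch is an added example, not code from the original article: it accepts a link only when its host is instagram.com or a subdomain of it. The function name, the HTTPS requirement and the sample URLs (other than the domain quoted in the message) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "instagram.com"  # the official domain named in the article


def is_official_host(url, official=OFFICIAL_DOMAIN):
    """True only if the URL's host is `official` or a subdomain of it."""
    if "://" not in url:
        url = "https://" + url  # bare hosts, as in the phishing message
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https":  # assumption: a login page must be HTTPS
        return False
    host = parts.hostname  # lowercased; userinfo ("user@") and port removed
    if not host:
        return False
    host = host.rstrip(".")  # a trailing dot names the same host
    try:
        # Convert Unicode lookalike letters to their xn-- form so they
        # cannot compare equal to the ASCII official name.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Compare on a label boundary: "instagramhelpnotice.com" and
    # "instagram.com.example" both contain the brand but are not official.
    return host == official or host.endswith("." + official)


# Constructed sample links; only instagramhelpnotice.com is from the article.
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "instagramhelpnotice.com",
    "https://instagram.com.help-notice.example/login",
    "https://instagram.com@instagramhelpnotice.com/",
    "http://instagram.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "official" if is_official_host(link) else "NOT official"
        print(f"{verdict:13} {link}")
```

A substring or "starts with" test would pass the second, third and fourth samples; comparing the parsed host on a dot boundary is what rejects them.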

Stay alert and you can (hopefully) avoid falling victim to these scammers.


Update on 7/4/20: The North Face has confirmed to DPReview that its account was taken over by scammers for a time:

The official Instagram account for The North Face Chile (@thenorthfacechile) was hijacked by hackers on Friday, June 26th, and we currently do not have access to the account. We took immediate action to activate security protocol by changing the passwords to all of our social network accounts and have reported the problem to Facebook and Instagram support teams. We are currently waiting on further information and direction from their teams.
