Instagram is rolling out a really neat way for users to identify phishing scams. If you receive an email claiming to be from the company, you can easily check in the app…
TNW reports that the app will now show you a complete list of any genuine emails sent to you; if the email you have received isn’t shown here, it’s fake.
The feature — dubbed “Emails from Instagram” — is accessible via the app settings, and allows you to check all the legitimate emails Instagram has sent over the last 14 days.
The new feature can be found at Settings > Security > Emails From Instagram.
So, if you’ve received an email claiming to be from Instagram asking you to reset your password, you can simply fire up the app and check if it’s in the list of security-related emails.
Instagram likely developed the feature in response to a major phishing attack in late August, noted by Sophos:
Here’s another attack we received this week that was much more believable, this time going for Instagram accounts [and giving a 6-digit code in the email].
We don’t like to admit it, but the crooks thought this one through.
Apart from a few punctuation errors and the missing space before the word ‘Please’, this message is clean, clear and low-key enough not to raise instant alarm bells.
The use of what looks like a 2FA code is a neat touch: the implication is that you aren’t going to need to use a password, but instead simply to confirm that the email reached you […]
The phishing page itself is a perfectly believable facsimile of the real thing, and comes complete with a valid HTTPS certificate.
This is an approach that could easily be used by other app developers to enable their users to identify phishing scams. Maybe even Apple could build it into a future version of iOS, given the number of phishing attacks targeting Apple IDs?