If you get an unexpected password reset email that appears to be sent by Instagram, it’s likely a good idea to ignore it. Users on social media have reported an uptick in a scam relying on fake — but very convincing — password reset emails from Instagram.
The cybersecurity-focused TikTok account @ohhackno posted a helpful explainer about the apparent scam, which has racked up some 4 million views.
A thread on the cybersecurity help subreddit has garnered hundreds of upvotes and comments, too. The scam is particularly frightening because the emails do appear to be quite convincing. Folks have reported that the email appears to come from a legit Instagram address and the design looks good, too.
Mashable Light Speed
Forbes reported that the sudden uptick in the scam is “related to a breaking story about a leak of 17.5 million Instagram user accounts by a threat actor on BreachForums.” The outlet itself reported getting the scam email. Mashable reached out to Meta for further information but did not immediately receive a response.
The best advice in most scam situations is to avoid clicking on any links. It’s unclear what scammers could be after, but clicking a sketchy link can put your data and account at risk.
If you receive a password reset email, @ohhackno helpfully pointed out that you can check recent emails sent by Instagram in the “password and security” section of your account settings. That’ll allow you to confirm if the message you received was, indeed, a fake.
So be careful what you click out there — as always, slow down and think it over.
Topics
Cybersecurity
Privacy
