From prodefence.org
Instagram users are currently targeted by a new phishing campaign that uses login attempt warnings coupled with what looks like two-factor authentication (2FA) codes to make the scam more believable.
Crooks use phishing to trick potential victims into handing over sensitive information via fraudulent websites they control with the help of a wide range of social engineering techniques, as well as messages designed to look like they’re sent by someone they know or a legitimate organization.
In this case, the phishing e-mails distributed by the attackers behind this campaign use fake Instagram login alerts stating that someone attempted to log in to the target’s account, asking them to confirm their identity via a sign-in page linked within the message.