From hotforsecurity.bitdefender.com
Attackers are looking to steal the credentials of Instagram, Facebook, and Twitter users with elaborate phishing campaigns. The target of these campaign employees of major enterprise organizations.
It might seem odd that attackers would go after social media accounts, but they have good reasons for this strategy. One of the reasons is that many people tend to use the same passwords for their personal and work accounts, which means that bad actors will often get a password that works on multiple domains.