While checking my emails this morning, I saw an email from Instagram telling me they’re sorry to hear I was having trouble logging in. The address from which the email was sent seemed legit, and so did the body of the message. But the thing is – I didn’t have trouble logging in. So, instead of clicking on the link provided, I did a little research. It turns out that there has been a highly believable phishing scam going around. With this article, I want to help you recognize it and not fall for it.
The address and the email body: seems legit
The email came from firstname.lastname@example.org, which seemed completely legit. However, I got it on my Yahoo mail, which is connected with my personal Instagram account. I never had trouble logging in there, which was what made me suspicious.
The first thing I did was opening Gmail. I found messages Instagram sent there because I recently forgot the password for my other account (the one for embroidery). I checked the email address – and just as I thought, email@example.com was legit indeed.
After realizing that the email was indeed from Instagram, something still felt weird. So, I went on digging. I discovered that there actually has been a scam connected with this email address even though it belongs to Instagram. I found a post on Reddit from two years ago where someone got the email from the same address. Only their read that someone had tried logging into their account and “Instagram” wanted them to secure it.
Then I found iOSborn’s video from last year. He received a few similar emails telling him that someone tried logging in to his Instagram account. The email address was, once again, firstname.lastname@example.org. However, the emails were phishing attempts, and he shares a method for checking it.
How can you tell if the email is legit or not?
Well, on the first look – you can’t. That’s the main problem. However, you can invest a little bit of extra effort and find out whether it was really Instagram that sent you the email.
Open your Instagram account and click on the three lines in the upper right corner. Go to Settings > Security > Emails from Instagram. You’ll get a list of emails Instagram sent you over the last two weeks. In Osborn’s case, none of the emails he received were legit even though the email address was!
A plot twist
After all my suspicion and searching the internet, it turned out that the email I received was actually sent from Instagram. I’m pretty confused, though, because I’ve been logged into my personal account for ages. In fact, that’s the only one I actually know the password for. Maybe someone else was trying to log in to my account, I have no other explanation.
Thanks to my skepticism (or should I say paranoia), I learned two things: one, there has been a very believable phishing scam going around; and two, there is still a way to check whether it’s a scam or a legit mail from Instagram. Even though the email I got was legit, it could have easily been a scam, as it was in Osborn’s case. So, when in doubt, make sure to always check the sender’s email address and carefully examine the body of the email. And even if everything looks okay, still check Emails from Instagram within the app to make sure everything is legit.