Threat actors spoofed Instagram in a failed attempt to compromise 22,000 employee accounts at a national unnamed institution within the Education ministry.
Crooks intended to target Instagram users with a phishing email, spoofing Instagram and notifying recipients about unusual login activity from an unrecognized device.
"This targeted email attack was socially engineered, containing information specific to the recipient - like his or her Instagram user handle - in order to instill a level of trust that this email was a legitimate email communication from Instagram," Armorblox said on Thursday.
As typical with unusual logins, users were prompted to review details and secure their accounts following fake reports of unauthorized access. The goal of the message was to instill a sense of urgency in the victims.
Threat actors purported to get victims to click on the link, which would have redirected them to a fake landing page created to exfiltrate login data.
The fake landing page contained a "This Wasn't Me" action button, navigating victims to a second fake landing page, prompting users to change their account information since somebody allegedly may have their login details.
"Credential phishing attacks like this one are crafted to exfiltrate and give credentials straight to the attacker. Victims are more likely to fall for attacks that exploit common workflows, and in this case, victims were instructed to follow the steps that they believed to be protecting them from this very scenario," Armorblox said.
The cybersecurity company added that the phishing email bypassed native Microsoft email security controls. Attackers used a valid domain to send the fake email - the sender domain received a reputable score of trustworthiness and no discovered signs of infections in the past 12 months of the domain's 41 months of existence.
The email was intended to have been delivered to over 22,000 user mailboxes. However, Armorblox said it detected this email attack that contained a malicious URL.
More from Cybernews:
Subscribe to our newsletter