Scammers are sending fake copyright infringement notices through WhatsApp and email, claiming to be from Instagram. The message claims that the user’s Instagram account will be permanently deleted for violating copyright guidelines, unless the user provides feedback within 24 hours by clicking on a link.
The link leads to a phishing website where the user is asked for their Instagram username and password, followed by their email address and password.
Studies show that 80% of Bruneians use WhatsApp for businesses and sharing information via mobile devices. Due to the way that WhatsApp sends an SMS to users who login to their account on a new device, it leaves users open to account hijacking just by ‘shoulder surfing’. Someone who knows a user’s phone number can easily take over their account just by looking at the victim’s phone when it receives the 6-digit code.