A new phishing campaign targeting Instagram users is using fake copyright infringement notices to steal user credentials.

Detailed by security researchers at Kaspersky Lab Friday, the campaign sees Instagram users targeted with an email that pretends to be from Instagram.

The emails, usually with an address coming from an official-looking URL such as theinstagram.team read “we regret to inform you that your account will be suspending because you have violated the copyright laws. Your account will be deleted within 24 hours. If you think we make a mistake please verify, to secure your account.”

Users are then prompted to click on a button labeled “verify account.” If users click on the button, they’re prompted to input their Instagram credentials. For the double phishing blow, users are then presented with a second message, “we need to verify your feedback and check if your e-mail account matches the Instagram account.”

Should users then click on “Verify My E-mail Address,” they’re offered a list of email service providers. After selecting their provider, they’re then asked to submit both their email address and their password for the email account. Worse, if the email account is Gmail, the victims are also handing over access to their entire Google account as well.

“As soon as your data goes to the scammers, they can take over your Instagram profile and modify the information you need to recover it,” the researchers explained. “From there, they can start demanding ransom to give the account back to you, or start spreading spam and all kinds of malicious content using your hijacked account.”

Users are advised to take simple precautions to avoid being scammed in cases such as this phishing scheme. That includes not clicking on suspicious links, always checking the address bar for the URL of the web page and, probably best of all, only use the official Instagram app when interacting with the service.

Image: Kaspersky