Social media phishing scams are nothing new, but scammers are getting more sophisticated with their fake emails, especially those posing as Instagram. In fact, the emails are convincing enough that they may catch unsuspecting people off-guard.

As this is a safety issue, we're going to take a look into the latest iteration of Instagram phishing scams and what you can do to stay safe.

Just remember that if you need support or someone to talk to, our Sonder support team is available 24/7 to chat whenever you need it.


So what's the latest version of this Instagram phishing email scam?

Like any other phishing scam, this Instagram phishing scam starts with an email claiming that a suspicious login has been detected or something similar. The email will also prompt you to secure your account by directing you to an external link. DO NOT CLICK THIS LINK - It is fake.

What makes this particularly difficult to separate from a legitimate Instagram email is that the usual telltale signs of a phishing email, such as spelling or grammatical errors, are absent.

Having said that, keep an eye on the email account the fake email is sent from as this remains a strong indicator that it's fake.

If you do click on the link claiming to secure your Instagram account, you'll be taken to a convincing recreation of the social media platform's "secure your account" page with an "It wasn't me" and "It was me" prompt that will take you to another fake page. Again, the telltale sign that it's fake is the suspicious URL - always keep an eye on this.

If you continue to click through the prompts, you'll be taken to a fake Instagram login page that asks for your account login details. Once again, DO NOT ENTER YOUR ACCOUNT DETAILS.

Should you enter your details (PLEASE DON'T), you'll be taken to a second login page claiming that your password is incorrect and asking you to enter more personal information, such as your location or phone number.

Once the scammers have all your information, they'll direct you to the genuine Instagram homepage to complete the facade that you've secured your account when in reality you've been scammed.
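For readers who want to see what checking the sender address and the link URL means in practice, here is an added example (not part of the original article and not Instagram's own code). It assumes `instagram.com` is the genuine domain, taken from the reporting address given on this page; the sample email and its `.example` domains are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "instagram.com"  # assumption: based on the phish@instagram.com address on this page

def under_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def review_email(raw):
    """Return (kind, host) pairs for the sender and links that fail the check."""
    msg = message_from_string(raw)
    findings = []
    # Compare the real address, not the display name shown in the inbox.
    sender = parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2]
    if not under_trusted(domain):
        findings.append(("sender", domain))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        # hostname ignores any "user@" prefix and reads the true host.
        host = urlsplit(href).hostname
        if not under_trusted(host):
            findings.append(("link", host))
    return findings

# Constructed sample: a lookalike sender and a link that only starts with the real name.
SAMPLE = """\
From: Instagram <security@instagram-alerts.example>
Subject: New login detected
Content-Type: text/html

<a href="https://instagram.com.account-verify.example/secure">Secure your account</a>
<a href="https://help.instagram.com/">Help Centre</a>
"""

if __name__ == "__main__":
    print(review_email(SAMPLE))
```

A failed check is a strong sign the email is fake. A sender address that passes is not proof on its own, because the From line can be forged.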

What can I do to stay safe?

If you've received a phishing email of any kind, the first thing is to avoid opening it and then delete it directly from your inbox. To minimise any risk of a scammer getting their hooks into you, make sure you:

  • Use strong and unique passwords for your logins - Don't use the same one for multiple platforms.

  • Turn on two-factor authentication if you can - You will need a one-time code as well as your password to log in.

  • Don’t overshare - You don't have to share everything on social media.

  • Stay vigilant - Don't interact with or reply to an account that seems suspicious.

If you've accidentally clicked on a link in the phishing email, do not enter any information on the site you're directed to. If you've clicked on or saved a suspicious attachment, delete it immediately and run an anti-virus scan on your device.

If you've shared personal details in response to the Instagram phishing email, you need to:

  • Secure your Instagram account and reset your password. Instructions can be found here.

  • Report the fake email to phish@instagram.com.

  • Change the passwords for any online accounts that might be at risk. Make sure to enable two-factor authentication for an extra layer of security.


If you have any questions or need extra support, we're here to help you anytime in any language. Simply start a chat with us via the home screen of the Sonder app.

Information sourced from: Instagram, Mailguard, and Naked Security by Sophos

Image credit: Solen Feyissa at Unsplash
