Instagram Phishing Scams

April 1, 2026

---

Cybercriminals are getting increasingly crafty, and a new Instagram phishing scam shows just how far they will go to steal personal information. A notable trend used by scammers involves sending emails that look like legitimate Meta login alerts, complete with a six‑digit verification code and urgent prompts to “secure your account.” But instead of directing victims to a fake website, the links open a pre-filled email reply. Once a user hits send, the attackers know the email address is active and begin engaging directly, often asking for sensitive information under the guise of resolving a fake login issue.

What makes this scam especially deceptive is the use of “typosquatting” – domains that look nearly identical to real ones, making the emails appear legitimate at a glance. Because these fake addresses can slip past automated security checks, users may feel safer replying than clicking a suspicious link. The safest approach is simple: don’t click, don’t reply, and never share login credentials over email. Instead, verify any alerts directly in the Instagram app under Settings > Accounts Center > Password and security. If no unusual activity appears there, the email you received was likely a hoax. Staying cautious and double‑checking alerts can help protect your personal and financial information from increasingly sophisticated scams.