{"id":5891,"date":"2023-12-31T20:16:28","date_gmt":"2023-12-31T19:16:28","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5891"},"modified":"2023-12-31T20:16:28","modified_gmt":"2023-12-31T19:16:28","slug":"instagram-phishing-kampanja","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/12\/31\/instagram-phishing-kampanja\/","title":{"rendered":"Instagram phishing campaign"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/instagram-phishing-targets-backup-codes\/\" target=\"_blank\" rel=\"noopener\">A new <em>Instagram<\/em> <em>phishing<\/em> campaign has been observed<\/a>, targeting users of the <em>Instagram<\/em> social platform and using several different techniques to lure victims to <a href=\"https:\/\/sajberinfo.com\/2022\/02\/23\/phishing\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>phishing<\/em><\/a> websites and steal <em>Instagram<\/em> backup codes for two-factor authentication (<em>2FA<\/em>).<\/span><\/p>\n<div id=\"attachment_5894\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5894\" class=\"size-full wp-image-5894\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Instagram-Phishing.jpg\" alt=\"Instagram phishing campaign\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Instagram-Phishing.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Instagram-Phishing-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Instagram-Phishing-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Instagram-Phishing-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Instagram-Phishing-12x12.jpg 12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Instagram-Phishing-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/Instagram-Phishing-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-5894\" class=\"wp-caption-text\"><em>Instagram phishing campaign; Source: Bing Image Creator<\/em><\/p><\/div>\n\n<h2><span class=\"ez-toc-section\" id=\"INSTAGRAM_2FA_AUTENTIFIKACIJA\"><\/span><span style=\"font-size: 14pt;\"><em><strong>INSTAGRAM 2FA<\/strong><\/em> <strong>AUTHENTICATION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Two-factor authentication (<em>2FA<\/em>) improves account security by requiring users to provide an additional verification method during sign-in. When <em>2FA<\/em> is enabled on the <em>Instagram<\/em> platform, users signing in from an unrecognized device must enter a code. To access a protected account and take advantage of this additional layer of security, a <a href=\"https:\/\/sajberinfo.com\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious actor<\/a> must have access to the user's email or mobile device.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Users can use backup codes, which consist of unique 8-digit numbers, if the primary device or email is unavailable. A user can regenerate the complete list whenever they log in to their <em>Instagram<\/em> account, and each backup code is valid for a single use only.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Backup codes pose a potential risk: if malicious actors obtain them, they can use them to access the <em>Instagram<\/em> account from other devices, provided they know the user's credentials, which they may have learned through other types of attacks.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"INSTAGRAM_PHISHING_KAMPANJA\"><\/span><span style=\"font-size: 14pt;\"><strong><em>INSTAGRAM<\/em> <em>PHISHING<\/em> CAMPAIGN<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The attack begins with malicious actors impersonating <em>Meta<\/em>, the parent company of the <em>Instagram<\/em> platform, by sending fake emails to a large number of users.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The email the user receives claims that the <em>Instagram<\/em> account has violated copyright rules and requires an appeal form to be submitted within 12 hours. The malicious actor's email threatens to permanently delete the <em>Instagram<\/em> account if the user does not cooperate.<\/span><\/p>\n<div id=\"attachment_5895\" style=\"width: 985px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5895\" class=\"size-full wp-image-5895\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-3.webp\" alt=\"Phishing Emails\" width=\"975\" height=\"777\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-3.webp 975w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-3-300x239.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-3-768x612.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-3-15x12.webp 15w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\" \/><p id=\"caption-attachment-5895\" class=\"wp-caption-text\"><em>Phishing Emails with Google Link; Source: Trustwave<\/em><\/p><\/div>\n<p><span style=\"font-size: 14pt;\">After clicking the link, the user is sent to a <em>phishing<\/em> website that imitates <em>Meta<\/em>'s official portal for policy violations. 
This fake website prompts the user to click another link, misleadingly labeled <em>Go to Confirmation Form<\/em> (<em>Confirm My Account<\/em>).<\/span><\/p>\n<div id=\"attachment_5896\" style=\"width: 985px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5896\" class=\"size-full wp-image-5896\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-4.webp\" alt=\"Phishing Attacks\" width=\"975\" height=\"508\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-4.webp 975w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-4-300x156.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-4-768x400.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/image-4-18x9.webp 18w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\" \/><p id=\"caption-attachment-5896\" class=\"wp-caption-text\"><em>Phishing Attacks Targeting Account Backup Codes; Source: Trustwave<\/em><\/p><\/div>\n<p><span style=\"font-size: 14pt;\">Clicking the next link takes users to an <a href=\"https:\/\/sajberinfo.com\/2023\/11\/07\/identity-theft\/\" target=\"_blank\" rel=\"nofollow noopener\">identity theft<\/a> website that looks like <em>Meta<\/em>'s \u201c<em>Appeal Center<\/em>\u201d. This fake page requires victims to enter their username and <a href=\"https:\/\/sajberinfo.com\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"nofollow noopener\">password<\/a> twice. 
Analysis revealed that the email came from the domain \u201c<em>contact-helpchannelcopirights[.]com<\/em>\u201d, which is not owned by <em>Meta<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">After collecting the required information, the <a href=\"https:\/\/sajberinfo.com\/2022\/01\/02\/phishing-meta-su-ljudi-ne-tehnologija\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>phishing<\/em> <\/a>website asks the user to confirm whether the account is protected with <em>2FA<\/em>. If the user confirms, the website requests the eight-digit backup code.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Now that there are so many ways to sign in to <em>Instagram<\/em>, malicious actors are taking advantage of this fact as well. In the scenario described above, malicious actors have added users' two-factor authentication backup codes to the list of data they want to steal.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Data that attackers obtain through this type of <em>phishing<\/em> attack can be sold to other malicious actors or used to take over user accounts. To avoid this, users must not share passwords or codes and must be careful about how this data is stored. 
If two-factor authentication codes have been handed over to an attacker, the password must be changed immediately and new codes generated.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><strong><span style=\"font-size: 14pt;\">PROTECTION<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">To protect themselves from copyright infringement scams and other identity theft attempts, <\/span><span style=\"font-size: 14pt;\">users should follow these tips:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">Users should never click on \u201c<em>helpful<\/em>\u201d links in emails. Instead, they should go directly to the company's website or use a reputable search engine to find the correct link.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Users should think before clicking any link, because malicious actors try to create a sense of urgency and use emotions against users in these attacks. A user who is worried about losing access to their account may click the link and enter their credentials without thinking, allowing malicious actors to obtain this data.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Spelling and grammatical errors in emails, as well as in web addresses, are major indicators of malicious activity. Malicious actors often use brand images and logos to make their identity theft emails look more legitimate, but they often make mistakes. 
Carefully reviewing every message can help users avoid becoming victims of these scams.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">If a user suspects that a received message is fake, they can check with other users whether they have encountered something similar. Although this is best done in person, online communication is acceptable. Perhaps the best option is to contact the company's support team to get final confirmation of the message's legitimacy.<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A new Instagram phishing campaign has been observed, targeting users of the Instagram social platform and using several different techniques to lure victims to phishing websites and steal Instagram backup codes for&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5894,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[653,652,61,654],"class_list":["post-5891","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-2fa","tag-instagram","tag-phishing","tag-two-factor-authentication"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5891","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5891"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5891\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/
wp-json\/wp\/v2\/media\/5894"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}