Instagram phishers using .ORG #domains to steal passwords

An Instagram message chain about supposed “copyright infringement” takes advantage of newly registered .ORG domains to steal account passwords.

The messages originate from compromised Instagram accounts, which in turn message their contact lists, so the phishing campaign spreads in a viral manner.

The .ORG domains were registered this week or in late January, and while they display nothing on the main page, they serve a form made to look like an Instagram login page.

Domain WHOIS data points to a registrant in Turkey; the domains are with, a reseller of OpenProvider. The domains are hosted on an IP operated by the Microsoft cloud.

Here’s the list of domains perpetrating this phishing campaign on Instagram:

The following domains are also being used:

When receiving such messages, do not click on any links. Do not log into your Instagram account from links in messages, and as a rule ignore “dramatic” prompts about infringement and the like; if that were real, Instagram would disable your account in the first place.
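The traits described above (a copyright-infringement lure, a link that leaves instagram.com, a .ORG host, a very recent registration date) can be checked mechanically when triaging reported messages. The following is an added example, not code from the original article; it assumes `instagram.com` is the only genuine login domain, treats 30 days as "newly registered", expects registration dates to be supplied by the caller (for instance from WHOIS), and uses `example.org` as a constructed stand-in for a campaign domain.

```python
import re
from datetime import date
from urllib.parse import urlsplit

OFFICIAL = ("instagram.com",)      # assumption: the only genuine login domain
MAX_AGE_DAYS = 30                  # assumption: what counts as "newly registered"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
LURE_RE = re.compile(r"copyright|infring", re.I)

def is_official(host):
    # Match on label boundaries so instagram.com.appeal.example.org fails.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def domain_age(host, registered_on, today):
    # Walk up the parent domains until one has a known registration date.
    labels = host.split(".")
    for i in range(len(labels) - 1):
        created = registered_on.get(".".join(labels[i:]))
        if created:
            return (today - created).days
    return None

def triage(message, registered_on, today):
    """Return [(url, reasons)] for every non-Instagram link in a message."""
    findings = []
    for url in URL_RE.findall(message):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:         # malformed URL, nothing to resolve
            continue
        if not host or is_official(host):
            continue
        reasons = ["link leaves instagram.com"]
        if LURE_RE.search(message):
            reasons.append("copyright-infringement lure")
        if host.endswith(".org"):
            reasons.append(".org domain")
        age = domain_age(host, registered_on, today)
        if age is not None and age <= MAX_AGE_DAYS:
            reasons.append(f"registered {age} days ago")
        findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    # Constructed sample data; example.org stands in for a campaign domain.
    whois = {"example.org": date(2022, 1, 28)}
    dm = ("Your post violates copyright. Appeal here: "
          "https://instagram.com.appeal.example.org/login")
    for url, reasons in triage(dm, whois, date(2022, 2, 3)):
        print(url, reasons)
```

The suffix check in `is_official` is the part that matters most: a host that merely begins with or contains `instagram.com` is still reported.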
