An Instagram phishing campaign attempting to scam users by offering blue badges has emerged. Verified accounts that represent a public figure, celebrity, or brand receive blue badges from the social media giant.

Phishing attack details

A spear-phishing email informs recipients that Instagram has reviewed their accounts and identified them as eligible for a blue badge.
  • Attackers ask recipients to click on an embedded button that leads to relevant submission forms.
  • Those who fall for the scam are encouraged to fill out a form and claim their badges.
  • The message informs users that if they ignore the message, the form will be permanently deleted in 48 hours.

Three-stage form

  • A phishing form is hosted on a domain named "teamcorrectionbadges," suggesting Instagram uses a separate, dedicated domain to verify users.
  • The phishing process is dependent on a three-stage form, each step showing Instagram and other social media platform logos to create a sense of legitimacy.
  • On the first form, the victim must enter their username, on the second, their name, email, and phone number, and on the third, they must enter their password, to prove their ownership of the account.
  • As soon as the victim completes the process, a message informs them that their account has been verified and the Instagram team will contact them shortly. 
  • The final step involves presenting a fake case ID to the victims.


Phishing emails frequently target social media users, and the recent Instagram campaign targeted the carelessness and enthusiasm of users when lured with the opportunity to upgrade their social account status. As an added security measure, Instagram offers two-factor authentication for your account.
Cyware Publisher