A Turkish-language phishing campaign targeting Instagram creators uses fake “Copyright Infringement” notifications to steal account credentials and bypass two-factor authentication. Victims are coerced through “legal scaring” tactics to enter credentials on a fake site that immediately harvests usernames, passwords, and 2FA codes.
Analysis Memo: This malicious interface was intercepted, verified, and locked down firsthand by the
Antiphishing.bizsecurity team during our standard URL vetting operations. To protect the public, the phishing source domain has been completely disabled within our infrastructure. We document and analyze these live visual patterns to help security researchers and users spot lookalike phishing methods before financial damage occurs.
This Turkish-language Instagram phishing attack uses a “Copyright Infringement” threat via DMs to deceive users into providing their account credentials, email passwords, and 2FA codes. The attack relies on urgent, fraudulent “appeal forms” that mimic official Meta branding to steal login information, and it is a high-risk scam targeting content creators. To protect yourself, always verify the URL, utilize the “Emails from Instagram” tool in the app, and never provide email credentials or login details in response to a DM.