A Turkish-language phishing campaign targeting Instagram creators uses fake “Copyright Infringement” notifications to steal account credentials and bypass two-factor authentication. Victims are coerced through “legal scaring” tactics to enter credentials on a fake site that immediately harvests usernames, passwords, and 2FA codes.
This Turkish-language Instagram phishing attack uses a “Copyright Infringement” threat via DMs to deceive users into providing their account credentials, email passwords, and 2FA codes. The attack relies on urgent, fraudulent “appeal forms” that mimic official Meta branding to steal login information, and it is a high-risk scam targeting content creators. To protect yourself, always verify the URL, utilize the “Emails from Instagram” tool in the app, and never provide email credentials or login details in response to a DM.