ESET Ireland is advising Instagram users in Ireland to stay alert for phishing and impersonation attempts after a surge in unexpected Instagram password reset emails caused widespread confusion online.
Instagram has publicly stated it fixed an issue that allowed an external party to request password reset emails for some users.
The company said there was no breach of its systems and that accounts remain secure, adding that users can ignore the emails.
ESET Ireland says incidents like this can still create ideal conditions for criminals, because uncertainty is often followed by targeted scams designed to trick people into handing over logins, verification codes, or payment details.
George Foley spokesperson at ESET Ireland, said, “Even when a platform says there is no breach, situations like this can still be highly useful to criminals.
“A wave of genuine password reset emails creates uncertainty, and that is exactly when phishing spikes.
“People are more likely to click, respond, or try to ‘fix’ the problem through the wrong route.
“The safest approach is to ignore password reset emails unless you personally requested them, and to be especially cautious of any follow up messages claiming to be from Instagram in the days ahead.
“That is often where criminals attempt to steal credentials by impersonating security teams or pushing fake verification prompts.
“If you are concerned, go directly to the Instagram app or the official website and check your security settings there.
“Turn on two factor authentication and use a strong, unique password.”
Instagram itself notes that receiving a password reset email does not necessarily mean an account has been hacked and advises users to verify official emails and take steps to secure their accounts.
For more information visit www.eset.com/ie/