Instagram Phishing Scam Exploits Users' Desire to Be Verified, Report Says

It reportedly takes advantage of the fact that people want their profile on the social media platform to get a verification badge.

Zachary McAuliffe Staff writer
Zach began writing for CNET in November, 2021 after writing for a broadcast news station in his hometown, Cincinnati, for five years. You can usually find him reading and drinking coffee or watching a TV series with his wife and their dog.
Expertise Web hosting, operating systems, applications and software Credentials
  • Apple software beta tester, "Helps make our computers and phones work!" - Zach's grandparents
Zachary McAuliffe
2 min read
Instagram app logo on a phone screen

Don't fall victim to this phishing scam.

Sarah Tew/CNET

If you receive an email about becoming verified on Instagram, be careful, it may well be a scam.

Cybersecurity company Vade reported Thursday that since late July, some users have been receiving a suspicious email from hackers posing as Instagram. The email says the user's profile has been reviewed and selected for verification. 

The email uses the subject line "ig bluebadge info" and comes from the address "ig-badges." Some users might think the email is legitimate, since Instagram and Facebook logos are placed near the top and bottom.

"The hackers hope these tactics disguise the signs of a phishing scam, including the context of the email," Vade wrote.

However, the email includes various misspellings and formatting errors. For example, one part of the email reads, "Thanks, you instagram team."

A phishing scam email

This is what the suspicious email reportedly looks like.


A phishing scam is when hackers use bait -- in this instance, the opportunity to be verified on Instagram -- to trick victims into clicking a malicious link or entering personal information into a bogus form. These scams usually take place via emails, so its hard for security software to block or filter them out. 

Instagram writes in its Help Center that the verification process takes place within the app, not over email, and you have to be a public figure, celebrity or a brand to request to be verified.

The best thing to do if you receive this email: Don't click anything in it, and delete it.

Meta, Instagram's parent company, didn't immediately respond to CNET's request for comment.

For more, check out this FBI and House Committee warning about cryptocurrency fraud. And here's how to spot a student loan relief scam.

Watch this: How to Delete or Disable Your Instagram Account