Received an email about getting verified on Instagram? It’s a phishing scam

News
By published

New blue badge phishing scam preys on Instagram users trying to get verified

An email inbox displayed on the screen of a laptop, next to a cup of coffee.
(Image credit: one photo/Shutterstock)

Getting verified on social media can make all the difference for an aspiring influencer which is why a new Instagram phishing campaign making the rounds online is trying to lure in users with the promise of a blue badge.

For those unfamiliar, Instagram users that have been verified by the Meta-owned social network receive a blue badge with a checkmark next to their username in a similar way to how Twitter handles verification.

First discovered by the email security company Vade back in July and detailed in a new blog post, the latest Instagram phishing campaign aims to dupe users into divulging their personal information and account credentials.

Latest Videos From Tom's Guide Tom's Guide

If you’re an active Instagram user with hopes of getting verified, you’ll want to be on the lookout for an email with the subject line “ig bluebadge info” with an email address that begins with “ig-badges”. While the email uses spoofed Instagram and Facebook logos at the header and footer to appear more legitimate, Instagram explains in a support page in its Help Center that verification is done entirely through its platform and never over email.

A classic case of phishing

Fish hook on a keyboard

(Image credit: Shutterstock)

Although an Instagram user eager to get verified may fall for this phishing campaign, closely examining the body of the email itself quickly reveals that it’s a scam.

Several grammatical errors and typos appear throughout the email and Vade points out that it also includes a phrase commonly used by scammers: “Thanks, you instagram team”. The email also tries to instill a sense of urgency by telling potential victims that “the form will be permanently deleted within 48 hours”.

The cybercriminals behind this new phishing campaign hope that Instagram users will be so excited about finally getting verified that they will overlook these details and click on the blue button at the bottom of the email which reads “Badge Form”.

Stealing user credentials and info with the promise of a blue badge

If a user ends up skimming through the email and clicking on the Badge Form button, they are taken to a malicious website with the domain name “teamcorrectionbadges”. Here, the scammers hope that victims believe Instagram uses a different website besides its own to verify users.

This Badge Form page also tries to appear legitimate by copying the brand colors of Instagram and Meta’s logo. However, there are also several grammatical mistakes and punctuation errors which are a dead giveaway that this is a scam.

A form prompts potential victims to enter their Instagram handle along with their name, email and phone number in order to be verified. After the page refreshes, another field appears where users are prompted to input their password and login.

After this is done, a confirmation message appears with a bogus Case ID and tells them that the team will contact them as soon as possible with the average time being 48 hours.

This particular Instagram phishing campaign began on July 22 and more than 1,000 emails were sent out per day to potential victims. Vade notes that the scammers behind the campaign did their homework and included each victim's actual Instagram handle in their phishing emails.

How to stay safe from verification scams

Woman using laptop to do research online

(Image credit: Shutterstock)

Verification scams have become more popular as social media platforms like Instagram and Facebook have grown inside. 

In fact, according to Vade’s own Phiser’s Favorite Report, social media companies are the fourth most phished websites of any industry with Facebook being the second most impersonated brand.

Impersonating social media brands makes sense for scammers and verification is the perfect lure to trick users into giving up their credentials and personal information. At the same time, verification remains a mysterious and misunderstood process for many social media users.

To avoid falling victim to this and other verification scams, it’s important to keep in mind that social networks conduct verification assessments using their own platforms and never through email. Likewise, any email can be spoofed so you should always remain cautious when opening any message in your inbox, even if they appear to come from an official account.

When it comes to phishing, you should always look for the common signs of phishing scams which include instilling a sense of urgency along with spelling and grammatical mistakes.

See more Computing News
TOPICS
Anthony Spadafora
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A person typing on a computer while hackers use phishing to steal a file from their computer
Phishing: What is it, and how to avoid it
Hooded cybercriminal sitting with laptop surround by hooks
New report details the brands that scammers like to impersonate most — and you'll definitely guess who's at the top
Woman tapping smartphone while delivery person hands her a package.
FTC just issued warning over new 'brushing' scams
A person sat at a computer and a tablet, coding
What is social engineering and how to avoid becoming a victim
PayPal logo on iPhone
Watch out! Scammers are using this PayPal setting to take over your PC
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Latest in Online Security
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Latest in News
Apple Watch Series 10
Future Apple Watch models could get a surprising new feature — what we know
NYTimes Connections
NYT Connections today hints and answers — Monday, March 24 (#652)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #386 (Monday, March 24 2025)
iPhone 16 Pro vs iPhone 16 Pro Max in hand showing displays
Forget iPhone 17 — iPhone 18 could get this huge upgrade
The new Husqvarna iQ series robot lawn mower.
Husqvarna’s new robot mowers offer GPS for less
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
More about online security
A man filing his taxes electronically on a laptop

AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
Hacker using a stolen social security card

Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
NYTimes Connections

NYT Connections today hints and answers — Monday, March 24 (#652)
See more latest
Most Popular
NYTimes Connections
NYT Connections today hints and answers — Monday, March 24 (#652)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #386 (Monday, March 24 2025)
Apple Watch Series 10
Future Apple Watch models could get a surprising new feature — what we know
The new Husqvarna iQ series robot lawn mower.
Husqvarna’s new robot mowers offer GPS for less
best Netflix series Community
7 best shows about college you can stream now
iPhone 16 Pro vs iPhone 16 Pro Max in hand showing displays
Forget iPhone 17 — iPhone 18 could get this huge upgrade
Bernie
I’m a big fan of this offbeat comedy thriller starring Jack Black — and you can stream it free on YouTube right now
Samsung S90D OLED TV on table in living room
Own a Samsung TV? 7 tips and tricks you need to know
Miracle Mile
Prime Video has one of the most unsettling apocalyptic thrillers I’ve ever watched — here's why you should stream it
Jessica Chastain and Idris Elba in Molly's Game
This gripping thriller with Jessica Chastain is leaving Netflix soon — and it’s ‘Certified Fresh’ on Rotten Tomatoes