Attackers have used Instagram’s verification process to steal sensitive information from unsuspecting users, according to a new report from Vade.

If you receive an email about becoming verified on Instagram, be careful, it may well be a scam.

Attackers take advantage of Instagram’s highly sought-after verification program to harvest user credentials.

Cybersecurity company Vade reported Thursday that since late July, some users have been receiving suspicious emails from Attackers posing as Instagram. The email says the user’s profile has been reviewed and selected for verification. 

Vade said victims typically receive phishing emails from an “ig-badges” email account that generally has the subject line “ig blue-badge info.”

However, the email includes various misspellings and formatting errors. Malicious hackers, of course, hope that victims will overlook the telltale signs of a scam and click on the “Badge Form.” Upon clicking on the link, victims are redirected to a malicious website.

The website asks for a person’s name, phone number, email, and Instagram password, telling victims they will be contacted after 48 hours once everything is entered. 

Vade saw this Instagram phishing campaign beginning on July 22, 2022, with email volumes reaching up to more than 1,000 per day on two occasions.

Instagram writes in its Help Center that the verification process takes place within the app, not over email, and you have to be a public figure, celebrity, or brand to request to be verified.

The initial scam emails attempt to pressure victims into offering their information as soon as possible, warning that the verification process will expire within 48 hours. 

The best thing you have to do if you receive any email regarding blue badge verification Don’t click anything in it and delete it as fast as possible.