Many Instagram users have opened their email inbox to find an email titled “Reset your password”. The message says a request has been made and has a link to change the password. It also says nothing will happen if the email gets ignored. The sudden arrival of these messages has left people worried that a new scam has arrived…
Instagram has confirmed on its help page that the emails are genuine. The company said the messages came from an issue that let an external party request password reset emails for certain accounts. Instagram said this was not the result of a data breach.
A message about account access often makes people start to panic and assume that someone is trying to get in. That fear can make people click on the wrong links and buttons, and that often works in the favour of these scammers.
Instagram assured its users that a reset email does not necessarily mean that an account has been taken over. A simple typing mistake can send a request to the wrong address. Only someone who knows the password or clicks the link inside the email can enter the account.
How Can Users Tell A Real Email From A Scam?
Which? made a valid point that any email asking for log in details or personal information deserves caution. Even when a message looks right, a few checks can help confirm its source.
Instagram said genuine emails only come from addresses ending in @mail.instagram.com. Any message sent from elsewhere should raise suspicion and links inside it should stay untouched.
Which? advised reading the email closely. Poor spelling, odd greetings like “dear customer”, or blurry branding often means its a fake. Hovering over links without clicking can show where they lead. A random web address that has no link to the brand points to trouble.
Messages that rush people or create panic often do so as a tactic to trigger fast action. Independent checks help here. Opening the official app or typing the website address directly into a browser gives clarity without risk.
Suspicious emails can get sent to [email protected]. Which? said this helps authorities track scam activity and protect other users.
What Should People Do To Keep Their Accounts Safe?
Which? said the safest reaction to an unexpected reset email is calm action. Logging into Instagram through the official app or website and changing the password adds protection. The new password should be unique and hard to guess.
Instagram also allows users to confirm real emails inside the app. In the Instagram app, there is an inbox that lists security and login emails sent by Instagram. If the message appears there, it is genuine. If it does not, the email did not come from Instagram and should be treated as a scam.
Two factor authentication also adds security, of course. Instagram and Which? both recommend it. A code sent to a phone or app blocks access even if someone knows the password.
Which? said its lab tests show third party antivirus software spots phishing attempts better than the built in protection on many systems. Keeping software updated lowers risk.
Scammers trade stolen details taken from hacks, which makes it hard to trace where information came from. Which? advised checking email addresses on the Have I Been Pwned website. If an address appears there, changing passwords on affected accounts is sensible.
