Time and time again, the way in which major online attacks on government agencies, companies and all of us as individuals begin is through a spear phishing email.  Phishing emails are emails that are sent to lure you into providing information or clicking on links in the email that contain malware, such as ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft.  Most phishing emails are easy to recognize as being scams.  However, spear phishing emails are phishing emails that are specifically tailored for us.  They come addressed to us by name and they generally deal with specific subjects in which we are interested or appear to come from companies with which we do business or have accounts.

Recently Instagram installed a new security feature which will enable you to determine if an email you get that purports to be from Instagram is actually from Instagram or is a spear phishing email.  The new feature enables you to compare the email you received with any security emails Instagram has sent in the previous fourteen days.  If the email you received is not shown on the list of emails legitimately sent by Instagram in the last two weeks, you can be confident that the email you received is a spear phishing email and know to ignore it.


As a basic defense against phishing and spear phishing, you should never provide personal information in response to an email or text message unless you have absolutely confirmed that the request for the information was legitimate and the information needed to be provided. It may seem paranoid, but remember, even paranoids have enemies.  Also, never click on links or download attachments unless you have independently confirmed that the email or text message containing the link or attachment was legitimate.

In order to access this new Instagram security feature, go to your account an click on the icon that takes you to your profile.  Then click on the menu button and click on the Security tab on your settings.  There you will see a new option pop up that allows you to see “Emails from Instagram”  This will then enable you to see a list of all of the emails that Instagram has sent regarding security.

Finally, use security software that includes phishing screening.  While it is not totally effective, it is very useful.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”