A wave of fake Instagram password reset emails has been hitting inboxes over the past few days.
Many users say they received password reset messages they never requested, raising concerns about a new phishing campaign targeting Instagram accounts.
What makes this scam particularly convincing is how legitimate the emails appear. The messages use Instagram branding, familiar language, and in some cases even display Gmail’s blue verified checkmark. While that checkmark is meant to signal authenticity, it does not guarantee that the email is safe. Scammers have found ways to make phishing messages look official enough to bypass quick visual checks.
@ohhackno UPDATE: Multiple news outlets have now confirmed this is a massive official data leak (not just a scam email), which makes securing your account with 2FA even more important! Instagram has not yet made a statement on why these PW reset requests do not consistently show up under “recent emails” or on the breach in general 👎🏼
The emails claim that a password reset was requested and prompt users to click a link to secure their account. That link can lead to a fake login page designed to steal account credentials. Once a user enters their username and password, attackers can take over the account, change recovery details, or use it for further scams.
Security experts continue to stress that users should avoid clicking links in unexpected emails, especially those involving account access or security warnings. If there is concern about an Instagram account, the safest approach is to open the Instagram app directly or manually type the official website address into a browser and check account settings from there.





