How to Avoid Phishing on Instagram Ft. Lucashyland!

Log in to confirm it’s you!

We noticed suspicious activity in your account.

There was a login from a new device!!!

And so on…

It’s nothing new, right?

I bet you would have surely noticed such messages in your email inbox at some point in time.

And it becomes more obvious to see it when your name is Lucas.

For those who don’t that who that is…

Lucas is one of the best content creators on Instagram who helps businesses grow and sell products and services. He is hands-down an amazing creator with great knowledge which could be clearly seen once you visit his profile.

All real, and authentic!

Want to know more about him?

Just go check him out on Instagram (@thelucashyland), and make sure you give him a follow if you agree with my points above.

But since he didn’t sponsor this article, I won’t talk any further about his great skills (wink-wink).


Coming straight to the main point…

This is what happened with Lucas just maybe two or three days back.

He received an email from a scammer which claimed that his Instagram account was in danger and he needs to change his password to keep it safe.


Fortunately, Lucas smelled something fishy, and realized where it came from.

Here’s a video of him explaining the scenario-

So as you can see, Lucas explained about he got away from this phishing attempt.

But that’s not what everybody knows…

And it’s the reason I am writing this piece of article so no user falls into any such scams.

By the way…

For those who don’t know what ‘Phishing’ is, here’s is the brief explanation of what it’s all about-

Phishing is one of the oldest go-to techniques used by hackers to exploit innocent users on the web.


Do you how it works?

Here’s how-

Hackers first create a fake page that looks exactly like the main site they want to target. 

In the case of Lucas, the target site was Instagram.

The main objective behind site mirroring is to manipulate innocent users to an extent so they believe the urgency of the situation, and proceed to the instructions given.

I used the phrase ‘instructions given’ because hackers also use this method to steal other details too.

So it depends on what they want.

If they want credit card details, they create the page according to that.


In Lucas’s case, the page was created to steal the password, and the instructions were according to that.

So what happens next is…

As soon as the user enters the credentials on the targeted page, the entries are recorded in the site’s database which could be used anytime by hackers to get control of the account.

And once it’s done, it’s game over!

Say bye to your account!

All gone!

R.I.P. honeyboy14522_53323312124343 (don’t if that account even exists.)

Moreover, by the time you would come to know about it, the post mortem report of your account would cite the reason for the account’s death as ‘Phishing’.

Strange, right?


If you said yes, I feel sorry because I am sure you aren’t subscribed to our blog.


Had you been subscribed to our blog, you would have surely not found this whole scenario strange because we already covered this issue on our site way before when Instagram rolled out a feature just to tackle this security issue.

Do you know what I am referring to?

Yes, my friend!

It’s the feature ‘Emails From Instagram.’

So what are these?

Emails from Instagram are the option that Instagram rolled out last year which is a panel inside your Instagram app that shows you all the emails from the Instagram side within 14 days.

You heard me right…

14 days!

So if there is any security issue regarding your account, you could verify the email from this section.

‘But how do I access it?’- You may wonder.


Go to your Instagram app, and click on the Security tab in the settings section of your account.

You would now see an option named ‘Emails from Instagram’.

Click on this gem, and you will see two further options. 

One is ‘Security’ where YOU will find emails from Instagram that are related to security issues while other emails are present in the second section named ‘Others’.

And since the emails regarding such issues are a matter of security, YOU would find such emails in this ‘Security’ section.

Verify if the email that you see in your inbox is the same as what you see here.

If they are the same, then it’s from the company.

And if it’s not, you know what to do with it.

Also, like Lucas mentioned in the video, always make sure you see the email id before you click on emails that claim to be from the company.

Only click those who are from the official id, and ignore the rest.

Although Lucas (in the video) and I (in this article), showed you what you can do to avoid such phishing scams, there is a thing that I want to correct.

As Lucas mentioned in the video that you won’t see the device and user-agents on such phishing landing pages or fake emails, I would like to disagree on that one.

Because it’s not how it works.

Hackers can mirror any part of the site no matter whatever it is.

So it is also possible to add many additional elements with just a few lines of CSS, and Javascript.

Which means…

Creating a fake page that shows device, and location is also possible.

So users should also not believe emails that show the location or device that was used for the attempt.

Concluding in short…

Here’s how you can tackle such phishing attempts-

The best approach that I would suggest is to tally the email info from the ‘Emails from Instagram’ section.

Also, see the URL too as those phishing pages won’t have URL like this- ‘’

The URL of landing pages is a bit strange too which depends on what tools they use.


That is it for today!

Let me about your views in the comments down below.

Also, share this article if you found it helpful.

See you next time!


P.S.- Subscribe to our newsletter if you want to see more posts like this!



I write, play, and drink cups of coffee. In the free time, I do a little bit of SEO, Basic Hacking and Coding. Kind of NOT so big deal:)


Leave a Reply

Your email address will not be published. Required fields are marked *