Skip to Content
Instagram phishing email
© Natanael Alfredo Nemanita Ginting | Dreamstime.com
Security & privacy

That security email from Instagram is real – Here’s how to tell

Companies usually alert you when something suspicious happens to your account. For example, when you log into Facebook from a location you typically don’t, you get a notification.

Similarly, when Instagram detects a new login from an unusual device or location, it can send you an email. This is seemingly the only method for contacting you, as it doesn’t have a dedicated messenger like Facebook. Tap or click here for details on a viral Facebook Messenger scam.

Cybercriminals are now spoofing security emails to make them look like they’re from Instagram. Thankfully there are ways to tell if an email from Instagram is legit or a phishing attack. Keep reading for ways to spot the scams.

Here’s the backstory

Online platforms such as Instagram, Twitter and YouTube have built-in security to protect your details. If something strange is detected on your profile, they’ll email you immediately to verify the activity.

Depending on the service, you must either click a verification link or use an authentication app to proceed. But criminals are notorious for impersonating businesses and services, and it can be challenging to spot fake from real.

At first glance, an important email can seem genuine. It uses the company’s logo, it seems to know details about you, and reading through it makes some sense. But there are a few telltale signs that something is amiss.

If you receive such an email from Instagram or Facebook, you must look at the sender’s email address. Not everybody knows the official email addresses, which makes it easier for cybercriminals to trick you.

In the case of Instagram, there is only one email address from which security notifications will come.

How to know if an Instagram security email is real

Many people have wondered if they are victims of phishing attacks when receiving an email from Instagram. Here is a key to knowing if the email is legit or fake. Instagram’s official email address is: [email protected]. If you receive an email from that address, it’s legitimate.

Here’s where it gets tricky. Cybercriminals are great at spoofing emails and setting up fake addresses that look like the real deal. By changing one letter or adding a character to an email address, it can be easy to fool people who aren’t paying close attention.

Here are some things to look out for:

  • Check the email address for minor discrepancies in the letters. Sometimes hackers will substitute the letter “m” for an “r” and “n.” When put together, rn could be mistaken for the m in Instagram.
  • Pay attention to letters that shouldn’t repeat. For example, an email from [email protected] with a double-A in the name is clearly fake.
  • Be careful of links that are shortened or hidden behind the text. Never click on a link if you don’t know where it goes.
  • In the email itself, watch for grammar and spelling mistakes. Also, look for low-quality images. If anything feels suspicious, delete the message ASAP.

Here is a pro tip to make sure that email did come from Instagram. You can see official messages sent by Instagram in your account settings. Here’s how:

  • Open the Instagram app.
  • Tap your profile icon in the lower-right corner.
  • Tap the three-line hamburger menu in the upper right.
  • Tap Settings.
  • Select Security > Emails from Instagram.

Under the Security tab, you will see a list of security emails sent by Instagram within the past 14 days. If an email isn’t listed, but you did receive one, it’s a phishing attack.

If you believe your account has been targeted by cybercriminals, you can report it to Instagram here.

Facebook recently implemented a similar security feature in its app. You can also check for official emails from Facebook. Here’s how:

  • Open the Facebook app.
  • Tap the three-line hamburger menu in the lower right.
  • Scroll down and select Settings & privacy.
  • Tap Settings.
  • Select Password and security.
  • Scroll down and tap See recent emails from Facebook.

Under the Security tab, you will see a list of security emails sent by Facebook within the past 14 days. If an email isn’t listed, but you did receive one, it’s a phishing attack.

Keep reading

How to take the perfect profile picture for LinkedIn, Facebook and Instagram

Three signs an Instagram, Facebook or Twitter account is fake

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days