Phishing

A social-engineering attack where a fake message tricks the victim into entering credentials on a malicious site. The most common cause of account takeovers.

Written by Shilder Recovery Team. Reviewed by Shilder Editorial Review. Last reviewed 2026-05-15.

Phishing is the technique of impersonating a trusted entity to trick someone into giving up sensitive information — most often login credentials on a fake login page.

Common phishing patterns on Meta platforms

  • Fake copyright violation notices.
  • Fake suspicious-login alerts.
  • Verified-badge offers (unsolicited).
  • Brand-deal DMs requesting verification.
  • Login-from-new-device alerts with malicious links.

The mechanic

You receive a message that looks like a real Meta notice. It has urgency, authority, and an easy-out link. The link goes to a page that looks identical to Instagram’s or Facebook’s login. You enter credentials, the attacker captures them, and they have your account within minutes.

How to defend

  • Never log in via links in emails. Type the URL directly.
  • Check the sender address — real Meta emails come from @mail.instagram.com or @facebookmail.com.
  • Watch for urgency + credential entry on an external site — the classic phishing combination.
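
The sender check above, as an added example (not Shilder's or Meta's code): it accepts a message only when the From domain exactly matches one of the two domains listed here and the receiving mail server recorded a DMARC pass, because the From header by itself can be forged. The server id mx.example.net and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

META_DOMAINS = {"mail.instagram.com", "facebookmail.com"}  # domains listed on this page
TRUSTED_AUTHSERV = "mx.example.net"  # assumption: id of your own receiving mail server

def sender_domain(msg):
    """Lowercased domain of the From address, or '' if it cannot be parsed."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def dmarc_passed(msg):
    """True only if the trusted receiver recorded dmarc=pass for this message."""
    for value in msg.get_all("Authentication-Results") or []:
        value = " ".join(str(value).split()).lower()  # unfold and normalise
        if value.startswith(TRUSTED_AUTHSERV + ";") and re.search(r"\bdmarc=pass\b", value):
            return True
    return False

def classify(raw):
    msg = message_from_string(raw)
    if sender_domain(msg) not in META_DOMAINS:  # exact match, never substring or suffix
        return "suspicious: sender domain is not a listed Meta domain"
    if not dmarc_passed(msg):                   # the From header alone can be forged
        return "suspicious: listed domain without a trusted dmarc=pass"
    return "consistent with a listed Meta sender"

# Constructed sample messages (headers only), not real mail.
SAMPLES = {
    "genuine": "From: Instagram <security@mail.instagram.com>\n"
               "Authentication-Results: mx.example.net; dmarc=pass header.from=mail.instagram.com\n\n",
    "lookalike": "From: Instagram <security@mail.instagram.com.account-verify.example>\n"
                 "Authentication-Results: mx.example.net; dmarc=pass header.from=account-verify.example\n\n",
    "display_name": 'From: "security@mail.instagram.com" <alerts@ig-help.example>\n'
                    "Authentication-Results: mx.example.net; dmarc=pass header.from=ig-help.example\n\n",
    "forged_from": "From: Facebook <security@facebookmail.com>\n"
                   "Authentication-Results: mx.example.net; dmarc=fail header.from=facebookmail.com\n\n",
    "injected": "From: Facebook <security@facebookmail.com>\n"
                "Authentication-Results: mail.attacker.example; dmarc=pass\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} {classify(raw)}")
```

A passing result only means the sender is consistent with the listed domains; the first rule still applies, so type the URL directly instead of following the link.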

See phishing red flags on Instagram for the full pattern guide.
