Fake Subscription Renewal Phishing on Instagram
Phishing messages impersonating Instagram or Meta Verified billing target creators and business accounts with fake account-suspension warnings, directing victims to credential-stealing login pages.
Part of: Fake Subscription Renewal Phishing
Last reviewed: 1 June 2026
Instagram's Meta Verified subscription and business account tools generate legitimate billing communications, creating fertile ground for phishing operators who mimic these notifications precisely. Creators and small businesses whose income depends on Instagram access are especially vulnerable to messages threatening imminent account suspension.
Instagram's DM system is also used as a delivery channel for phishing, with fake 'Instagram Support' accounts reaching out directly to high-follower creators who would suffer significant income loss from account loss.
How this scam works on Instagram
Creators and business account holders receive a DM from an account using Instagram or Meta branding, claiming their Meta Verified subscription payment has failed or their account is at risk of demotion. The message includes a link to resolve the issue. The link leads to a fake Instagram login page.
Email variants mimic Meta billing invoices and use spoofed sender addresses that appear legitimate at a glance. Victims who log in on the phishing page have their credentials harvested, allowing attackers to change the password, enable their own two-factor authentication, and lock the original owner out.
Common red flags
- Instagram DM from an account claiming to be Instagram Support about a billing issue
- Message threatening account demotion or suspension due to a failed Meta Verified payment
- Link in the message leads to a domain outside instagram.com or meta.com
- Fake 'Instagram' account in the DM has a blue checkmark badge but was created recently
- Email billing notice with sender address that uses a variation of meta.com or instagram.com
- Login page after clicking the link looks correct but the browser URL is not instagram.com
How to protect yourself
- Check your subscription status directly in Instagram settings — not through any link in a message
- Enable two-factor authentication on your Instagram account and store backup codes securely
- Never log in to Instagram through a link received by DM or email
- Verify that any DM from 'Instagram' comes through the official verified account at @instagram
- Use a password manager — it will auto-fill only on legitimate instagram.com pages
How to report it
- Report the DM or account in Instagram using the 'Report' function
- Forward phishing emails impersonating Instagram or Meta to [email protected]
- File a complaint with the Anti-Phishing Working Group at [email protected]
Frequently asked questions
Can I recover an Instagram account lost to a phishing attack?
Yes — use Instagram's account recovery flow at instagram.com/accounts/login/help/. Acting quickly improves your chances before the attacker fully locks you out. Meta also has a Hacked Account support page.