by Tim Leogrande, BSIT, MSCP, Ed.S.

10 JAN 2026 • 1 MIN READ

If you receive an unexpected password reset email that appears to be sent by Instagram, it's probably a good idea to ignore it.

Users on the social media platform have reported a recent surge in a scam which deploys these kinds of messages, and the cybersecurity TikTok account @ohhackno posted a helpful video about the scam which has already reached over four million views.

A screen capture of the scam email. Notice the use of the official Instagram logo and the inclusion of a “Reset password” button.

A screen capture of the scam email. Notice the use of the official Instagram logo and the inclusion of a “Reset password” button.

The scam is particularly deceptive because the emails appear to come from a legitimate Instagram address ([email protected]) and the design is very compelling.

Forbes reports that the sudden increase in the scam is, "…related to a breaking story about a leak of 17.5 million Instagram user accounts by a threat actor on BreachForums." Forbes also reports that some of their own employees received the email.

<aside> 💡

Naturally, the best practice for suspicious emails is to avoid replying to them and not clicking on any links.

</aside>

If you receive a password reset email, you can check recent messages sent by Instagram by going to the "password and security" section of your account settings, then clicking on “recent emails.” This allows you to confirm whether or not the email you received is genuine.

As always, be careful what links you load from your email client by slowing down and thinking it over before clicking on them.

© 2026 Tim Leogrande. Access the AI detection report for this post here.