by Tim Leogrande, BSIT, MSCP, Ed.S.
JANUARY 10 2026 • 1 MIN 33 SEC READ
If you receive an unexpected password reset email that appears to be sent by Instagram, it's probably a good idea to ignore it.
Users on the social media platform have reported a recent surge in a scam which deploys these kinds of messages, and the cybersecurity TikTok account @ohhackno posted a helpful video about the scam which has already reached over four million views.
A screen capture of the scam email. Notice the use of the official Instagram logo and the inclusion of a “Reset password” button.
The scam is particularly deceptive because the emails appear to come from a legitimate Instagram address ([email protected]) and the design is very compelling.
Forbes reports that the sudden increase in the scam is, "…related to a breaking story about a leak of 17.5 million Instagram user accounts by a threat actor on BreachForums." Forbes also reports that some of their own employees received the email.
<aside> 💡
Naturally, the best practices for suspicious emails are to not reply to them and don’t click on any embedded links.
</aside>
If you receive a password reset email, you can check recent messages sent by Instagram by going to the "password and security" section of your account settings, then clicking on “recent emails.” This allows you to confirm whether or not the email you received is genuine.
As always, be careful what links you load from your email client by slowing down and thinking it over before clicking on them.
© 2026 Tim Leogrande. The opinions expressed herein are solely those of the author and do not necessarily reflect the views, policies, or positions of any affiliated organizations or individuals. Access the AI detection report for this post here.