If you get a surprise password reset email that looks like it’s from Instagram, don’t click anything. People on social media are reporting a growing wave of scam emails that closely copy real Instagram security messages. The goal is to scare users into acting fast before they stop to question it.
According to Mashable, a TikTok account called @ohhackno that focuses on online security posted a video explaining how the scam works. The clip has racked up around 4 million views, with many commenters saying they received the same email. A discussion thread on a security help forum also drew hundreds of replies from users comparing screenshots and sharing close calls.
What makes the scam unsettling is how convincing the emails appear. Users say the messages come from addresses that look official and use familiar Instagram branding, logos, and language. At first glance, there’s little to suggest anything is wrong, which is why so many people fall for it.
This scam is tied to a huge leak of Instagram user data
Forbes said the sudden increase in these scam emails is connected to a major data leak. A hacker posted information from 17.5 million Instagram accounts on a site called BreachForums. Forbes even got one of these scam emails themselves. Mashable contacted Meta for more details but hasn’t gotten a response yet.
The best way to stay safe from scams is to not click on any links in suspicious emails. We don’t know exactly what the scammers want, but clicking bad links can put your personal information and account in danger. Instagram has been expanding to new platforms recently, including launching its app on TV screens, but security remains a top concern.
If you get a password reset email, @ohhackno shared a helpful tip. You can check recent emails Instagram actually sent you by going to the “password and security” section in your account settings. This lets you confirm if the email you got was fake or real.
Be careful what you click on. Take your time and think before you act on any unexpected emails. With social media users doing questionable things online these days, staying vigilant about security has never been more important.
And she is not the only person to receive this email. Many users across the internet are sharing the same experience. One user even commented in the viral video, “I was getting about 3 per week. I never clicked it but I decided to just delete my instagram account completely.”
Another person shared, “I clicked it earlier today – after realizing it seemed sus I changed my password on both insta and fb, ensured two factor authentication was on, and logged out of all saved devices using the insta app”
Published: Jan 11, 2026 04:15 pm