A new phishing scam is using false two-factor authentication to take over Instagram accounts.

The scam, recently discovered by researchers, starts with emails stating the recipients have had a login attempt into their Instagram accounts. The email states if the recipients did not attempt to log into their accounts they need to log in and use a provided six-digit code in order to confirm they are the account owners.

The researchers said the scammers’ use of a six-digit code as two-factor authentication adds legitimacy to the emails and provides the recipients with a false sense of cybersecurity. When recipients click on the directed link in the email, they are directed to a malicious.CF domain based out of the Central African Republic. The site mimics a real Instagram login screen and has what looks like a secure HTTPS certificate. The scammers then collect the login information that users enter in.

Researchers said there are red flags to look for in phishing emails to not become a victim. They said a huge red flag is any email that provides a link to log into an account when recipients can instead go the account site and log in from there. Other signs include misspellings in the email or the sign-in site as well as unusual domain extensions.

Researchers expect the goal of the phishing scam is to take over the victims’ Instagram accounts.