“Nasty List” phishing scam spreads across Instagram

A phishing scam is spreading across photo-sharing platform Instagram that tells would-be victims that they have been featured on something called a “Nasty List”.

The scam starts when an Instagram user receives a direct message from an account they are following that claims the user has been featured on a “nasty list” and provides a link to another Instagram account, whose handle begins with @The_Nasty_List followed by a random number. An example of a message can be seen below:

John, OMG your actually on here, @The_Nasty_List_522, your number 15! It’s really messed up

The Instagram handle (beginning with @) is clickable, and this message has been designed to lure the recipient of the message into clicking on the linked profile.

Clicking the handle takes you to that Instagram profile, which contains a link in its profile description where users can apparently see this so-called “nasty list”. However, that link leads to an external website that appears to be the Instagram login page. But it isn’t … it’s on an external website that has nothing to do with Instagram, and if a user enters their username and password, they’re sent straight to the crook behind the scam.


Once the crook has the user’s username and password, they now have access to that user’s account (unless the user enabled 2FA) and can start spreading the same phishing message to the Instagram friends of that account.

Despite many users falling for this scam, avoiding it is incredibly simple.

First, be wary of any suspicious or unexpected messages sent through Instagram (or any other social media website) even if they appear to be from friends and especially if they urge you to click a link.


Secondly, if you find yourself on what appears to be a login page asking for your username and password, check the web address (the URL beginning with WWW.) to see if it belongs to the website, in this case Instagram.

Thirdly, enable two-factor authentication or two-step verification for your important online accounts, including Instagram. This means anyone logging into your account will also need an extra piece of information other than just the password.
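The web address check from the second tip, written out as an added example that is not part of the original article. The function name, the sample URLs (all constructed) and the choice of instagram.com as the only trusted login domain are assumptions made for illustration.

```javascript
// Added example. Assumption: instagram.com is the only domain trusted for login.
const OFFICIAL_DOMAINS = ['instagram.com'];

function checkLoginUrl(raw, officialDomains = OFFICIAL_DOMAINS) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { trusted: false, reason: 'not a valid URL' };
  }
  if (url.protocol !== 'https:') {
    return { trusted: false, reason: 'not HTTPS' };
  }
  // In "https://www.instagram.com@other.example/" the part before "@" is
  // a username; the browser actually connects to other.example.
  if (url.username || url.password) {
    return { trusted: false, reason: 'text before @ is not the host' };
  }
  // URL lowercases the host; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, '');
  // Compare whole labels from the right, so that
  // "instagram.com.other.example" and "notinstagram.com" both fail.
  const match = officialDomains.some(
    (d) => host === d || host.endsWith('.' + d)
  );
  return match
    ? { trusted: true, reason: 'host is ' + host }
    : { trusted: false, reason: 'host is ' + host + ', not Instagram' };
}

// Constructed sample addresses (example domains only).
const samples = [
  'https://www.instagram.com/accounts/login/',
  'https://WWW.Instagram.com/accounts/login/',
  'https://instagram.com.nasty-list.example/login',
  'https://www.instagram.com@nasty-list.example/login',
  'https://notinstagram.com/accounts/login/',
  'http://www.instagram.com/accounts/login/',
];

for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.trusted ? 'OK    ' : 'REJECT') + ' ' + s + ' (' + r.reason + ')');
}
```

Only the right-hand end of the host name decides who owns a page, which is why the third and fourth samples are rejected even though they contain “instagram.com”.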

In the case of this “nasty list” phishing scam, other than using compromised accounts to further spread the phishing message, it doesn’t appear the people behind the scam are using the compromised Instagram accounts for anything else.
