INSTAGRAM users are being warned over a dangerous scam that hands your account over to crooks.
Security experts now say that the so-called “Nasty List” scam is “sweeping across” the popular photo-sharing app, targeting unwitting users.
It’s a classic phishing con, in which hackers lure you to a fake login page to nab your login credentials.
Hackers will message you claiming you’ve been spotted on the “Nasty List”, as first revealed by the Bleeping Computer security blog.
“These messages state something like ‘OMG your actually on here, @TheNastyList_34, your number is 15! its really messed up’,” the blog explains.
If you visit the profile, it’ll be named something like “The Nasty List” followed by several numbers.
The profile’s description will contain a warning claiming that you’re on the “Nasty List”.
And it’ll also feature a link to a website that promises to let you see the list – which doesn’t really exist.
This will take you to a legitimate-looking Instagram login page.
However, the page is completely fake and only serves to hand your login details to hackers.
Cybersecurity firm Sophos has also warned about this scam.
“Anyone entering their credentials will find themselves in a spot of trouble, starting with their entire base of followers receiving the same message telling them that they too are on the Nasty List – and so the social media phishing attack grows,” the firm explained.
“They’ll also potentially have handed control of their account to criminals to do whatever they want with.”
We’ve asked Instagram for comment and will update this story with any response.
How to avoid the 'Nasty List' scam
Here's official advice from cybersecurity firm Sophos…
- First, as long as you are sure you didn’t enter your credentials on the fake login page, you should be safe
- If you did enter your credentials but are using two-factor authentication (2FA) via SMS or an authenticator app, you should be OK because it’s much more difficult for criminals to bypass that
- 2FA can be set up on Instagram by going to your profile and selecting the hamburger icon. Then choose Settings > Privacy and security > Two-factor authentication and follow the instructions on the page
- If there’s a risk that your account has been compromised, you should immediately change your account password, turn on 2FA, and double check to make sure that the email address and phone number associated with the account haven’t been changed
- If you’ve used the same password for Instagram on other online accounts you should immediately change those too. And make the new passwords different for each account – password managers really help with this
- Check out the Sophos Naked Security blog for more info