Be cautious! New phishing scam “Nasty List” there to hack Instagram account

A new phishing scam is increasing on the wild. The scammers behind this scam are targeting users of the social media platform Instagram. The scam named “Nasty List” was firstly spotted a week ago by a reddit user. He said that he got the message directly from his sister.

Here is what he said,

“So I logged onto Instagram yesterday and I had a dm from my sister. It said I was in some kind of “Nasty List”. Well I had just woken up and I was kind of out of it so I clicked on it because I was curious. I then realized that it was probably a virus, but too late, I had already clicked.”

It is not yet known the exact what motive behind this scam, however, the infection allows its developers to take over the victims’ Instagram account. The developers could use a well established botnet to infiltrate some Trojan virus inside the victims’ PC and this Trojan virus could steal the personal details which most probably send to potent Cyber criminals.

More about the “Nasty List” scam

As what the reddit user said, compromised account are then used to spread the phishing links to other users who follow it. The “Nasty List”  scam starts with  message “WOW. Your on here!!! ranked 100,” “OMG your actually on here, @The_Nasty_List_918,” “WTF you are literally on here,” “omg your #15 on this list. So messed up” from an unknown Instagram account user.

The Instagram users who receive the message undoubtedly get curious to know what exactly these statements mean.  When they click on the link, they are redirected to some fake account named “Nasty List,” “YOUR ON HERE,” “The Nasty,” (which usually shows 30k and more followers to seem trustworthy).

A link associated on this redirect the users into another page “nastylist-instatop50me” that look like a legitimate Instagram login page. Due to the carelessness and lack of knowledge, they users enter their login credentials open their Instagram account and thus their account get compromised and under the control of the hackers.

Who are safe?

Those who did not enter their credentials on the phishing Instagram page is safe no matter they had clicked on the link and got redirected to the unknown profile and at the second redirect after clicking again on some malicious link to get the phishing page. You are safe, if you have two-factor authentication enabled.

In case you entered your credential and had not enabled the two factor authentication, you should immediately change your Instagram passwords and all other account credentials whose password you putted the same. To change the instagram password, follow the steps below:

  • Click on your profile
  • Select settings and search for privacy and security and then passwords.
  • Enter new password, and tab and save.

You are highly recommended to put the two-factor authentication mode enable in all your accounts. This would prevent any such similar attack in future.