New phishing scam ‘The Nasty List’ targets Instagram users’ login credentials

• Scammers send messages to the followers of hacked accounts claiming that they were spotted on the so-called ‘Nasty List’.
• The Instagram accounts from which these scammers send messages will have profile names such as ‘The Nasty’, ‘Nasty List’, or ‘YOUR ON HERE!!’.

What is the issue - A new phishing scam named ‘The Nasty List’ targets Instagram users’ login credentials.

Why it matters - If users fall for this scam, then these scammers will use their Instagram accounts to further promote this scam.

The big picture

Scammers send messages to the followers of hacked accounts claiming that they were spotted on the so-called ‘Nasty List’.

“OMG your actually on here, @TheNastyList_34, your number is 15! its really messed up,” the message read, BleepingComputer reported.

• The Instagram accounts from which these scammers send messages will have profile names such as ‘The Nasty’, ‘Nasty List’, or ‘YOUR ON HERE!!’.
• Their profiles include a description similar to “People are really putting all of us on here, I'm already in 37th position, if your reading this you must be on it too” or “WOW you are really on here, ranked 100! this is horrible, CANT WAIT TO REVEAL THE TOP 10!”
• These profiles will also have a link in their bio, which upon clicking redirects users to a legitimate looking Instagram login page.
• When users enter their credentials in the login page, the scammers will get hold of the login credentials and compromise their Instagram accounts.

What you should do to stay protected?

Users can easily identify that the login page is fake as it is actually located at nastylist-instatop50[.]me, which is obviously not a legitimate Instagram page.

• It is best to never enter your login credentials at a page that does not belong to instagram.com.
• In case if your account has been hacked by the ‘The Nasty List’ but you still have access to your account, then it is best to reset your password to retrieve your account.