‘Nasty List’ Phishing Scam Targets Instagram Users

Instagram users are being warned not to fall for a new phishing scam doing the rounds which aims to harvest log-ins and spread worm-like across the social network.

According to Twitter users who have posted screenshots of the scam, users typically first receive a direct message from an account they are following. This could include one of several variations on the same theme, which is that the recipient has been featured on a ‘nasty list.’

If they click on the link in the message, they’ll be taken to one of several Instagram profiles apparently registered for the purpose, with names like “the_nasty_list_848.” The profile description of these accounts also typically contains the same breathless text as the initial message — something like “This is so horrible!! We are all on here,” or “WOW you are really on here.”

However, clicking on the link in this profile description will take the user to an official-looking but fake Instagram log-in page. If they fill in their details here, the hacker will hijack their account to send the same ‘nasty list’ message to all the contacts following them.

Phishing remains one of the most popular techniques in the hacker’s arsenal, given that it takes advantage not of technical deficiencies but of a lack of cyber-savvy on the part of the user.

According to Microsoft, the volume of phishing attacks jumped 250% year-on-year in 2018.

Like most online consumer-facing platforms, Instagram has its fair share of cybersecurity challenges. Back in August last year it made a slew of announcements designed to make accounts more transparent and harder to hack.

This included support for third-party authenticator apps, which make it harder for individuals to crack open accounts.
