AskCyberSecurity.com

Cyber Security News & Information

Instagram Phishing Attack – The Nasty List

2019-04-16 by Michelle Dvorak

Instagram Nasty List Is A Phishing Scam in Disguise

Instagram users are the targets of a new social media phishing attack called the Nasty List Attack. In this phishing scam Instagram users receive a direct message from a hacked account. The message informs the user that they are listed on an internet Nasty List. The message also urges them to go to a spoofed website that phishes for login credentials. These Nasty List phishing messages state something like “OMG your actually on here, @TheNastyList_9, your number is 18! it’s really messed up.” The attack was first reported on Reddit.

The two numbers used in the message for username and list position vary.

If the recipient goes to the profile listed in the direct message, in this example @TheNastyList_9, they receive more instructions on how to see this list. The BleepingComputer.com post shows screenshots of the messages. One fake Instagram profile contained this intimidating message, “If a recipient visits the listed profile, it will be named something like “The Nasty”, “Nasty List”, or “YOUR ON HERE!!”. The profiles include a description similar to “People are really putting all of us on here, I’m already in 37th position if your reading this you must be on it too.” or “WOW you are really on here, ranked 100! this is horrible, CANT WAIT TO REVEAL THE TOP 10!” as shown below.”

The bogus profile contains a link in the bio that leads to a spoofed webpage. The link claims the page publicly shows everyone on the imaginary list, including them.

The link given in the profile is an obvious fake. Examples include nastylist-instatop50[.]me. If the message recipient mistakenly clicks on the link in the bogus Instagram profile, it takes them to a fake website that is designed to look like an Instagram webpage. The spoofed webpage phishes for your Instagram username and password. If you enter your username and password, the Nasty List phishing message is sent to all your Instagram contacts.

Notice the misspelling in the message. The word “your” should be spelled “you’re” and “cant” should have an apostrophe. Typos are always a good indicator of spam and phishing messages. Apparently, hackers cannot spell very well, and they frequently give themselves away with these mistakes.

A close look at the URLs used in the messages is another clue that this is a cyber attack. The URL appears to be an Instagram address but is not.
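The URL check described above can be automated. The following Python sketch is an added example, not code from the article or from Instagram; it assumes `instagram.com` is the only official domain, and the `BRAND_HINTS` list and every sample URL except the one quoted in the article are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: instagram.com is the only domain treated as official here.
OFFICIAL_DOMAINS = {"instagram.com"}
# Assumption: brand fragments a lookalike address is likely to embed.
BRAND_HINTS = ("instagram", "insta")

def refang(url):
    """Undo the defanging used when indicators are published, e.g. [.]"""
    url = url.strip().replace("[.]", ".").replace("(.)", ".")
    url = url.replace("hxxp://", "http://").replace("hxxps://", "https://")
    return url if "://" in url else "http://" + url

def real_host(url):
    """Return the host a browser would actually connect to ('' if none)."""
    try:
        host = urlsplit(refang(url)).hostname or ""  # drops userinfo and port
    except ValueError:
        return ""
    return host.rstrip(".").lower()

def is_official(host):
    """True only for an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def classify(url):
    """Label a link 'official', 'lookalike', 'unrelated' or 'unparseable'."""
    host = real_host(url)
    if not host:
        return "unparseable"
    if is_official(host):
        return "official"
    # Text before '@' is never the destination, but it is what the eye reads.
    decoy = (urlsplit(refang(url)).username or "").lower()
    if "xn--" in host or any(h in host or h in decoy for h in BRAND_HINTS):
        return "lookalike"  # brand text or punycode on a host Instagram does not own
    return "unrelated"

# First entry is the address quoted in the article; the rest are constructed.
SAMPLES = [
    "nastylist-instatop50[.]me",
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com@login.example/accounts",
    "https://instagram.com.login.example/",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {real_host(sample):30} {sample}")
```

The comparison is made on the parsed host, matched from the right-hand end, so an address that merely starts with or contains "instagram.com" is not accepted as official.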

A phishing message is any email, text message, or website that attempts to gather personal information from the reader. A phishing message may direct you to a spoofed (copycat) webpage that prompts the reader to enter login credentials or more, such as credit card or banking information. In any case, the phishing message is trying to steal from the victim.

Instagram 2FA Screenshot

What to Do If You Are Affected by the Instagram Nasty List Phishing Scam

If you were fooled by the Nasty List phishing scam, there are a few steps you should take immediately to protect yourself online:

  • Change your Instagram
  • Turn on two-factor authentication (2FA)
  • Use an authenticator app for this and all social media accounts
  • Stop using Public WiFi to log into social media

To Turn on Instagram Two-factor Authentication (2FA)

  • Open the Instagram app and log into your Profile
  • Tap your photo icon on the bottom right of the app
  • Tap the hamburger menu at the top right of the app screen to open a menu
  • Select Settings gear at the bottom of the menu
  • Scroll down to the Privacy and Security section and open it up
  • Tap the Two-factor authentication option
  • Tap Get Started

Choose the 2FA method you’d like to use – Text message, a mobile authentication app, or both. SMS text messaging is the easiest way to set up two-factor authentication. Follow the rest of the instructions. You will have to create a few account recovery codes in case you lose the device you are using for 2FA. Once 2FA is set up you will receive a confirmation email to the email address associated with your account. This is the email address that Instagram will use in case two-factor authentication is disabled in the future.

While you are in the Privacy and Security section of your accounts, select Change Password and choose a new one to secure your account. It’s good practice not to use the same password for your Instagram and the email address attached to it.

Make sure the correct phone number is listed on your Instagram account.

Filed Under: social media Tagged With: Instagram, phishing

About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

