"The Nasty List" scam targets Instagram users' credentials

Users are facing another Instagram scam: the phishing link claims that their name is on the alleged “Nasty List”

The new scam "The Nasty List" attempts to steal users' Instagram account login details

A new phishing campaign was spotted in the wild, and this time hackers are targeting users of the Instagram[1] social network. The “Nasty List” scheme is operated by unknown hackers who are determined to steal as many credentials as possible and then spread the fake links further.

The “Nasty List” incident was first spotted around a week ago by a Reddit user, who said that he received a direct message from his sister:[2]

So I logged onto Instagram yesterday and I had a dm from my sister. It said I was in some kind of “Nasty List”. Well I had just woken up and I was kind of out of it so I clicked on it because I was curious. I then realized that it was probably a virus, but too late, I had already clicked.

It is not yet known what the bad actors' ultimate goal is; however, the scam allows them to completely take over the Instagram account. In the future, a well-established botnet could be used to spread malware such as banking trojans or info-stealers (such as the screen-locking Anubis[3] or the crypto wallet-targeting Gustuff[4]), which could compromise users' bank accounts or even result in identity theft. Alternatively, the stolen credentials might simply be sold on the Dark Web for profit.

The phishing link leads users to a spoofed Instagram login page

Compromised accounts are then used to spread the phishing links to all of the victim's followers, who in turn get curious about what the “Nasty List” is and why they are on it.

The Nasty List scam starts when users receive a seemingly trustworthy direct message from one of their Instagram followers; it usually begins with something like “WOW. Your on here!!! ranked 100,” “OMG your actually on here, @The_Nasty_List_918,” “WTF you are literally on here,” or “omg your #15 on this list. So messed up.”

There is no doubt that many users will get curious and even concerned about such statements. Once they click the link, they are directed to a fake Instagram profile, usually named “Nasty List,” “YOUR ON HERE,” “The Nasty,” or similar (some of these profiles already have around 30k followers).

On the fake profile, victims find another link which, once clicked, leads them to a spoofed Instagram login screen that looks credible. Nevertheless, those who pay close attention will see that the URL at the top of the screen is not the official Instagram page, but rather “nastylist-instatop50.me” or something similar.

Unfortunately, those who enter their credentials will get their accounts compromised and hand full control to the hackers. To avoid such events in the future, never enter your credentials on sites that do not belong to the instagram.com domain.
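The check described above (is the login page really on the instagram.com domain?) is easy to get wrong by eyeballing, because lookalike hosts such as “instagram.com.example-site.me” or a URL with “instagram.com@” in front of the real host still contain the familiar name. The following added example (not code from the article or from Instagram) implements the check strictly, treating only instagram.com and its subdomains as trusted; the sample links, including the “nastylist-instatop50.me” host named in the article, are constructed for illustration.

```python
from urllib.parse import urlsplit

# Only instagram.com and its subdomains are trusted for a login form
# (assumption for this example; the article names only instagram.com).
TRUSTED_DOMAINS = ("instagram.com",)


def is_trusted_login_url(url: str) -> bool:
    """Return True only if the URL is HTTPS and its host is instagram.com
    or a subdomain of it. Substring matches such as 'instagram.com.evil.me'
    or 'user@' tricks do NOT pass."""
    parts = urlsplit(url.strip())
    # A real login page is served over HTTPS; plain http is rejected.
    if parts.scheme != "https":
        return False
    # .hostname drops the port and any 'userinfo@' prefix and lowercases.
    host = parts.hostname
    if not host:
        return False
    host = host.rstrip(".")  # tolerate a trailing dot (FQDN form)
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True
    return False


def flag_untrusted(urls):
    """Return the subset of urls that do not belong to the trusted domain."""
    return [u for u in urls if not is_trusted_login_url(u)]


# Constructed sample links, mixing the genuine login page with lookalikes.
SAMPLE_LINKS = [
    "https://www.instagram.com/accounts/login/",
    "https://nastylist-instatop50.me/login",
    "https://instagram.com.example-site.me/login",
    "https://www.instagram.com@nastylist-instatop50.me/",
    "http://instagram.com/accounts/login/",
]

if __name__ == "__main__":
    for link in flag_untrusted(SAMPLE_LINKS):
        print("do not enter credentials on:", link)
```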

Those who did not enter their Instagram login details are not affected by the compromise

Many users who fell for the scam said that they either did not give too much thought to it before clicking the link as it came from a trusted source, or the anxiety of something shameful behind the link prompted them. Due to these factors, the “Nasty List” scam might affect thousands, if not millions of users.

However, if you clicked on the first link and got redirected to the fake profile, and even clicked on the second link without entering your credentials, you are safe. Additionally, having two-factor authentication enabled prevents hackers from compromising the account.

In case you did enter your credentials, you should immediately change your password on Instagram, as well as on all other accounts where you used the same password. Also, do not forget to check that your contact information, such as email address and phone number, is still correct. To change your password on Instagram, follow these steps:

  • Go to your profile on Instagram
  • Select Settings > Privacy and Security > Password
  • Enter the current and new password, and tap Save

Additionally, security experts highly recommend enabling two-factor authentication (2FA)[5] on all accounts, as it would prevent any type of similar attacks in the future.

About the author
Linas Kiguolis - Expert in social media

Linas Kiguolis is one of the News Editors and also the Social Media Manager of the 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.
