A phishing scam is circulating Instagram claiming that users have made “The Nasty List” with the goal of stealing account credentials.
The scam is spread via messages sent through hacked accounts claiming the recipients were spotted on the so called NastyList stating something like “OMG your actually on here, @TheNastyList_34, your number is 15! its really messed up,” according to an April 13 Bleeping Computer report.
The messages link to various Instagram pages perpetuating the scam with links in the profile descriptions that purport to actually show the list. Upon clicking the link, a user is then asked to re-enter their Instagram login credentials on the phishing page, but upon inspection of the actual URL, users can see the site isn’t an actual Instagram approved login site.
Those who have had their accounts compromised can still get their accounts back by first verifying that their account is still using the correct phone number and email, and then changing their password. Those who have lost access to their accounts can report their accounts to Instagram.
Once the password is changed, all other accounts will be logged off and a user can log back in to regain control of their accounts.