InfoSec Blog - Instagram ‘Nasty List’ Phishing Attack

April 23, 2019

Have you been receiving strange messages on Instagram from your followers about you being on something called the “Nasty List”? If so, the message is a massive phishing campaign being spread through hacked Instagram accounts. According to the report on Bleeping Computer, clicking on TheNastyList profile link takes you to a page containing a second link, which then leads you to a cloned Instagram login page asking for your Instagram username and password. Anyone who falls victim to this scam and provides their credentials will soon find out that all of their followers are sent the same phishing message telling them they are too on the Nasty List. 


Phishing attacks are the most common and effective social engineering attacks. These days social media is all about rapid clicking. It’s easy to say don’t fall for it, but what if people do? 
Hopefully you have been following our tips on how to spot phishing and you would spot the fake login page by noticing that the domain nastylist-instatop50[.]me is not a genuine Instagram domain. However, if you did fast click on the first link and you stopped short of providing your Instagram credentials on that page, you are safe. 

 

If you did enter your credentials but are using two-factor authentication(2FA) via SMS or an authenticator app, you should be OK as well because it would be much more difficult for hacker to bypass the protection offered by 2FA. 
However your account is still at risk of compromise, so you should immediately take the following actions:
  • Change your Instagram account password. If you have used the same password on any other online accounts, change those as well. 
  • Enable 2FA (https://help.instagram.com/566810106808145)
  • Check for any unauthorized changes made in your profile, including your email address and phone number associated with the account

 

Written by: Hanna Guan (Cyber Security Analyst, Information Security)