Published on Computing & Communications Services (https://www.uoguelph.ca/ccs)


InfoSec Blog - Instagram ‘Nasty List’ Phishing Attack

April 23, 2019

Have you been receiving strange messages on Instagram from your followers about you being on something called the “Nasty List”? If so, the message is part of a massive phishing campaign being spread through hacked Instagram accounts. According to the report on Bleeping Computer, clicking on the TheNastyList profile link takes you to a page containing a second link, which then leads you to a cloned Instagram login page asking for your Instagram username and password. Anyone who falls victim to this scam and provides their credentials will soon find that all of their followers are sent the same phishing message telling them that they, too, are on the Nasty List.


Phishing attacks are the most common and effective social engineering attacks. These days social media is all about rapid clicking. It’s easy to say “don’t fall for it”, but what if people do?
Hopefully you have been following our tips on how to spot phishing and would recognize the fake login page by noticing that the domain nastylist-instatop50[.]me is not a genuine Instagram domain. If you did quickly click on the first link but stopped short of providing your Instagram credentials on that page, you are safe.
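The domain check described above, as an added example that is not part of the original post: it extracts the host a link really points to and accepts it only if it is instagram.com or a subdomain of it. The function names, the allowlist and the `login.example` sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allowlist. instagram.com is the only domain taken
# from the post (via its help.instagram.com link).
GENUINE_DOMAINS = {"instagram.com"}


def refang(url: str) -> str:
    """Undo common defanging so a reported indicator can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)


def login_host(url: str) -> str:
    """Return the hostname a browser would actually connect to."""
    url = refang(url.strip())
    if "://" not in url:
        url = "https://" + url  # bare hostname copied from a report
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_genuine_instagram(url: str) -> bool:
    """True only if the host is an allowlisted domain or a subdomain of one."""
    host = login_host(url)
    return any(host == d or host.endswith("." + d) for d in GENUINE_DOMAINS)


# Constructed sample links, apart from the domain quoted in the post.
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "https://help.instagram.com/566810106808145",
    "nastylist-instatop50[.]me",                      # domain from the post
    "https://instagram.com.login.example/accounts/",  # brand used as a subdomain
    "https://instagram.com@login.example/",           # brand placed before '@'
    "https://notinstagram.com/",                      # brand as a bare suffix
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "genuine" if is_genuine_instagram(sample) else "SUSPECT"
        print(f"{verdict:8} {sample}")
```

The comparison is made on the parsed hostname, not on the visible text of the link, which is why a brand name appearing elsewhere in the URL does not pass.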

 

If you did enter your credentials but are using two-factor authentication (2FA) via SMS or an authenticator app, you should be OK as well, because it would be much more difficult for a hacker to bypass the protection offered by 2FA.
However, your account is still at risk of compromise, so you should immediately take the following actions:
  • Change your Instagram account password. If you have used the same password on any other online accounts, change those as well.
  • Enable 2FA (https://help.instagram.com/566810106808145).
  • Check for any unauthorized changes made in your profile, including the email address and phone number associated with the account.

 

Written by: Hanna Guan (Cyber Security Analyst, Information Security)

Keywords: 
Phishing [1]
social engineering [2]
online security [3]


Source URL: https://www.uoguelph.ca/ccs/infosec/instagram_phishing

Links
[1] https://www.uoguelph.ca/ccs/tags/phishing
[2] https://www.uoguelph.ca/ccs/tags/social-engineering
[3] https://www.uoguelph.ca/ccs/tags/online-security