McAfee recently published a blog post on their official page talking about ‘The Nasty List’ and ‘The HotList’ scams spreading on Instagram.
Phishing scams have become incredibly common these days. Cybercriminals have raised the stakes, making their phishing messages look almost identical to those of the companies they attempt to spoof. We’ve all heard about phishing emails, SMiShing, and voice phishing, but cybercriminals are turning to social media for their schemes as well.
Last week, the “Nasty List” phishing scam plagued Instagram users everywhere, leading users to fake login pages as a means to steal their credentials. Now, cybercriminals are building on the success of the “Nasty List” campaign with a new Instagram phishing scam called “The HotList.”
The “Nasty List” phishing scam
The latest social media scheme called “The Nasty List” tricks users into giving up their Instagram credentials and uses their accounts to further promote the phishing scam. Cybercriminals spread this scam by sending messages through hacked accounts to the user’s followers, saying that they were spotted on a “Nasty List.”
If the recipient visits the profile mentioned in the message, they will see a link in the profile description. The user is led to believe that the link will show them why they are on this list, but it brings up what appears to be a legitimate Instagram login page. When the victim enters their credentials on the fake login page, the cybercriminals behind the scam are able to take over the account and use it to further promote the scam.
“The HotList” phishing scam
This scam presents itself as a collection of pictures ranked according to attractiveness. Similar to the “Nasty List,” this scheme sends messages to victims through hacked accounts saying that the user has been spotted on this “hot list.” The messages claim to have seen the recipient’s images on the profile @The_HotList_95, which leads them to visit the profile and click the link in the bio. They are presented with what appears to be a legitimate Instagram login page, which tricks them into entering their login details on a bogus sign-in page. Once the cybercriminals acquire the victim’s login details, they are able to use their account to further spread the scam.
3 steps to ensure that your Instagram account stays secure:
- Be skeptical of messages from unknown sources:
If you receive a message from someone you don’t know, it’s better to ignore the message or block the user. And if you think your friend’s social media account has been compromised, look out for spelling mistakes and grammatical errors in their message, which are common indicators of a potential scam.
- Exercise caution when inspecting links sent to your messages:
Always inspect a URL before clicking on it. In the case of this scam, the URL that appears with the fake login page is clearly incorrect, as it ends with .me.
- Reset your password:
If your account was hacked by the “Nasty List” or “The HotList” and you still have access to your account, reset your password to regain control of your page.
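The link-inspection step above can be automated. The following is an added example, not code from McAfee or Instagram: it pulls every link out of a message or profile bio and flags any whose hostname is not instagram.com or a true subdomain of it. The sample text and the `example.me` hostnames are constructed for illustration, and treating instagram.com as the only trusted login domain is an assumption of this example.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: Instagram's login form lives on instagram.com.
TRUSTED_DOMAIN = "instagram.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def check_login_link(url):
    """Return (trusted, reason) for a link that claims to open an Instagram login."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # drops any user@ prefix and :port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() != "https":
        return False, "not an https link"
    if not host:
        return False, "no hostname"
    # Exact match or a true subdomain only. A bare suffix test would accept
    # "notinstagram.com"; a substring test would accept "instagram.com.<other>.me".
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host %s is on %s" % (host, TRUSTED_DOMAIN)
    tld = host.rsplit(".", 1)[-1]
    return False, "host %s ends in .%s, not %s" % (host, tld, TRUSTED_DOMAIN)

def suspicious_links(text):
    """Extract every link from a message or profile bio and return the untrusted ones."""
    flagged = []
    for match in URL_RE.findall(text):
        url = match.rstrip(".,;:!?)")  # trim sentence punctuation stuck to the link
        trusted, reason = check_login_link(url)
        if not trusted:
            flagged.append((url, reason))
    return flagged

# Constructed sample text (the article does not give the real scam links).
SAMPLE_BIO = (
    "See why you are on the list: https://instagram.com.login.example.me/accounts/login/ "
    "or https://instagram.com@list.example.me/ "
    "(official page: https://www.instagram.com/accounts/login/)."
)

if __name__ == "__main__":
    for url, reason in suspicious_links(SAMPLE_BIO):
        print("DO NOT LOG IN:", url, "->", reason)
```

Both constructed lookalike links are flagged because the part of the URL that decides where the browser goes is the end of the hostname, not the familiar name that appears earlier in the address.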