Instagram users are being targeted by a phishing scam that attempts to steal their login credentials and take control of their account. The scam is being called ‘The Nasty List’ as users receive a direct message from an account they follow (which has already been hacked) informing that they are on a ‘nasty list’ with a link to a profile. On this profile there is then a link to the supposed ‘list’ which if followed will open up a convincing but fake Instagram login page, from which a user’s details can be stolen. The phishing attack is spread as the hacked account can then be used to send further scam messages to its followers.
To avoid falling victim to these kinds of phishing scam, look the URL of any page that asks for login credentials and never enter your details into an illegitimate site. Anyone who has been hacked should verify their account by first checking it has the correct contact details listed and then changing the password.