Watch out! Don’t fall for the Instagram ‘Nasty List’ phishing attack

March 3, 2020


Social engineers have another way of conning active Instagram users: the so-called “Nasty List”. Its main goal is to harvest victims’ login credentials. A username and password may seem basic to some, but this information can lead to further phishing or, worse, identity theft.


How it is being done/The modus of the attack

The Nasty List scam is self-sustaining: it uses each compromised account to target that account’s followers, preying on more victims, and so on. Known strings include “OMG you are actually on here, @TheNastyList_34, your number is 15! it’s really messed up.” Similar messages may be seen by the followers of a victim’s account.



When you visit the listed Nasty List profile as a recipient, expect to see similar text, such as “YOUR ON HERE!!”, “WOW you are really on here, ranked 100! this is horrible, CANT WAIT TO REVEAL THE TOP 10!”, “The Nasty”, or “People are really putting all of us on here, I’m already in 37th position, if your reading this you must be on it too.” There have been links that lead to a phishing page asking you to re-enter your Instagram login credentials; on checking, however, the actual URL is not Instagram’s official login site.




How not to fall for this attack

These steps can save you from becoming a target:

  • Be observant about the Instagram login page; if the address is not Instagram’s official .com site, don’t enter your username and password.
  • Another layer of protection, such as two-factor authentication (2FA) via SMS, can keep you safe and prevent your account from being exposed, as it employs a soft token that is typically valid for less than a minute, eliminating the chance of interception by a hacker.
  • If your account has been attacked, quickly change your account password, turn on 2FA, and check that your email address and phone number are unchanged. Better yet, change everything, and use different credentials if you have other social media accounts. As soon as you change your password, all other sessions on the account are logged off and you can regain control of your valuable account.
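The login-page check from the first tip can be automated. The sketch below is an added example, not part of the original article; it assumes the official hosts are `instagram.com` and `www.instagram.com`, and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts accepted as Instagram's own login site.
OFFICIAL_HOSTS = {"instagram.com", "www.instagram.com"}


def check_login_url(url):
    """Return (ok, reason) for a link that claims to be an Instagram login page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # "https://instagram.com@other.example/" really points at other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    if not host:
        return False, "no host"
    # Non-ASCII or punycode labels can imitate Latin letters.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "internationalized lookalike host"
    # Exact match only: "instagram.com.login-check.example" must not pass.
    if host not in OFFICIAL_HOSTS:
        return False, "not an official Instagram host: " + host
    return True, "official host"


# Constructed sample links (not taken from a real campaign).
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "http://www.instagram.com/accounts/login/",
    "https://instagram.com.login-check.example/accounts/login/",
    "https://instagram.com@login-check.example/",
    "https://instagr\u0430m.com/accounts/login/",  # Cyrillic 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_login_url(link)
        print("OK   " if ok else "BLOCK", link.encode("unicode_escape").decode(), "-", reason)
```

Only the first sample passes; the others fail on scheme, host suffix, userinfo, and a lookalike character respectively.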


Motive behind the attack

There has been no known reason behind the scam. At the least, the motive could primarily be to plant a Trojan on the victim’s PC to steal the personal details of the would-be victim, which are then perhaps sent to another group of cyber criminals by means of a well-known conventional botnet. Take this article as a piece of advice for your own identity theft prevention.

