A new phishing scam is targeting Instagram users, which could lead to a hijacker taking control of their accounts.
It’s thought the scam begins with a direct message from an account users follow, telling them that they’re featured on a “nasty list”. A link within the message will then lead them to one of several profiles highlighting this list (an example found included @the_nasty_list_848).
Clicking on the links within the profile will take users to an official looking Instagram page where they can ‘log in’, but by entering credentials a hacker can take control of their account and use it to send more ‘nasty list’ messages to their followers.
Phishing is a technique where untargeted messages or emails are sent to people asking for sensitive information such as bank details (or, in this case, login details) or encouraging them to visit a fake website.
We would advise any users seeing such messages to ignore and delete them. Guidance has been produced for individuals and families which will help users secure their social media platforms, including Instagram.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.