Even for the more freaky among you, avoiding "The Nasty List" on Instagram is in your best interest. We are not being prudes, by any means—go ahead and let your freak flag fly, if that is what you are all about. However, this so-called list we are referring to is actually a phishing scam that seeing people's accounts get hacked.
If you are on Instagram, you may get a direct message saying something to the effect of, "OMG your [sic] actually on here, @TheNastyList_34, your number is 15! its [sic] really messed up." The message will contain a link to the supposed list, but there is no actual list—the URL directs users to a fake Instagram login site, in the hopes of stealing that your login credentials and further spreading the scam.
It's not just hacked accounts of friends that you need to worry about. According to screenshots seen by BleepingComputer, specialized accounts may slide into your DMs with phishing messages. It's only natural to be curious and to click on their profile, which itself contains bogus information.
"People are really putting all of us on here, I'm already in 37th position, if your [sic] reading this you must be on it too," one of the profile messages reads, along with a URL to the fake login page.
Typos and bad grammar are telltale signs that something is awry, though depending on the friends you keep company with on Instagram, it could be easy to overlook using "your" in place of "you're" in messages. The messages are varied, too. Despite what they say, though, there is no list, therefore clicking on the provided URL will not let you know why are on it.
Maybe you've already fallen for this scam. If so, check to see if you can still login and view your phone number and email address. Make sure those are correct, and change them if not. Then change your password pronto. To do that, follow these steps:
- Go to your profile and click on the three horizontal bars in the upper-right
- Tap on Settings > Privacy and Security > Password
- Enter your current password, then enter a new one
- Tap Save or the checkmark in the upper-right
Good practice is to use a strong password of at least six characters, using a mix of letters, numbers, and punctuation marks.