UK Uni Students Lose Out £100,000 To Phishing Scams
72 students had their funds taken by phishers between the start of the 2015 academic year and December 2017.
A new phishing scam called the "Nasty List" is sweeping through Instagram and is targeting victim's login credentials.
If a user falls victim, the hackers will utilize their accounts to further promote the phishing scam.
The Nasty List scam is being spread through hacked accounts that send messages to their followers stating that they were spotted on a so-called "Nasty List". These messages state something like "OMG your actually on here, @TheNastyList_34, your number is 15! its really messed up."
According to screenshots, the scammers attempt to send these messages to all followers of a hacked account.
If a recipient visits the listed profile, it will be named something like "The Nasty", "Nasty List", or "YOUR ON HERE!!". The profiles include a description similar to "People are really putting all of us on here, I'm already in 37th position, if your reading this you must be on it too." or "WOW you are really on here, ranked 100! this is horrible, CANT WAIT TO REVEAL THE TOP 10!"
These profile descriptions also include a link that supposedly allows you to see this Nasty List and why you are on it. For example, the above profiles are using the URL nastylist-instatop50[.]me, which when visited will display what appears to be very legitimate looking Instagram login page.
While the above page looks real, it is important to pay attention to the URL listed at the top of the window as indicated by the red arrow in the image above. As you can see this login page is actually located at nastylist-instatop50[.]me, which is obviously not a legitimate Instagram site.
To avoid falling for an Instagram phishing scam like the Nasty List, if you are at a page that does not belong to the instagram.com web site, never enter your login credentials.
What to do if you were hacked by this scam: