The Latest In Phishing Scams: Instagram’s “Ugly List”

No one wants to be called names, and no one wants those hurtful names to be blasted all over social media. Unfortunately, it appears fraudsters are taking advantage of those fears with an “ugly list” phishing scam making the rounds on Instagram. 

The scheme hinges on Instagram users’ emotions and insecurities, CBS Los Angeles reports (warning: link has video that autoplays), with schemers creating posts that claim a user’s photo has been posted to a high-profile “ugly list.”

When users click on the link for the so-called list, they’re opening an avenue for hackers to gain access to their device or computer.

These scam posts will likely appear to come from someone you know, but not because your friend is a malicious jerk; their account was probably hijacked. Once clicked, you’re taken to a site that looks like Instagram and asks you to enter your password to sign in.

But it’s all just a ruse used by hackers to gain access not only to your Instagram account, but others that might use the same login credentials.

Security experts tell CBS Los Angeles that the biggest targets of the scam are millennials.

“They’re driven by the desire to know, ‘Am I on the list or not?’ ” Ryan Olson, intelligence director for cyber security experts with Palo Alto Networks, tells CBS Los Angeles.

For its part, Instagram prohibits account holders from using the service for illegal or unauthorized purposes. The network has a page dedicated to collecting reports of user abuse.

Are You On The List? ‘Ugly’ Scam Targets Instagram Users [CBS Los Angeles]