Phishing scams have become quite normal these days. They seem so authentic that it’s easy to fall for them. Even Instagram isn’t safe from such attacks. Recently, reports started emerging about The HotList phishing scam. The scam is, in one way or another, similar to “The Nasty List” scam that emerged not more than a week ago. The scam makes itself seem like a collection of pictures ranked according to the hotness factor. Pretty normal for a platform like Instagram, right? Well, it’s a scam and leads users to a fake Instagram login page and gets their login credentials.
It all starts when a user receives a message from someone who claims to have seen some pictures of them on a profile (@The_HotList_95) upvoted to an impressive position. If the user follows the trail and clicks on the mentioned profile, they will be brought to a description that will encourage them to check the position they are in. There will be a link, along with the description too that will “supposedly” redirect them to “HotList”. The links will usually have .me domains.
Once the link is opened, the user will be brought to a page which looks exactly like the Instagram login page but in reality it is not and is used by the phishers to collect users’ login credentials. Once a user falls for this trick, the hackers will use their account to send further scam messages to other users (both the victim’s followers and other Instagram users). And thus, the scam spreads.
Screenshots courtesy of Bleepingcomputer.
The only way to save yourself from this scam is to not provide your login details on a page that doesn’t belong to the Instagram.com website.
However, if “HotList” managed to get the better of you and you somehow still have access to your account, verify immediately if the account is using the appropriate email and phone number. Once it is verified, you should change the account’s password, which will in turn cause all the devices to sign off, that were logged into your account.
If unfortunately, you no longer have access to your account, report the issue to Instagram.
Read next: Facebook's updated post claims that Millions of Instagram users (not thousands) were affected due to a recent data leak!
It all starts when a user receives a message from someone who claims to have seen some pictures of them on a profile (@The_HotList_95) upvoted to an impressive position. If the user follows the trail and clicks on the mentioned profile, they will be brought to a description that will encourage them to check the position they are in. There will be a link, along with the description too that will “supposedly” redirect them to “HotList”. The links will usually have .me domains.
Once the link is opened, the user will be brought to a page which looks exactly like the Instagram login page but in reality it is not and is used by the phishers to collect users’ login credentials. Once a user falls for this trick, the hackers will use their account to send further scam messages to other users (both the victim’s followers and other Instagram users). And thus, the scam spreads.
Screenshots courtesy of Bleepingcomputer.
The only way to save yourself from this scam is to not provide your login details on a page that doesn’t belong to the Instagram.com website.
However, if “HotList” managed to get the better of you and you somehow still have access to your account, verify immediately if the account is using the appropriate email and phone number. Once it is verified, you should change the account’s password, which will in turn cause all the devices to sign off, that were logged into your account.
If unfortunately, you no longer have access to your account, report the issue to Instagram.
Read next: Facebook's updated post claims that Millions of Instagram users (not thousands) were affected due to a recent data leak!