Social media is hot, and scammers know it.
They’re always looking for new ways to steal your information, and trickery is one of their favorite methods to get it.
The latest is the so-called Ugly List on Instagram.
Victims of this scam — or prank, at least — are duped into thinking a friend has added them to the Ugly List.
The scammer, using an already-hacked account of someone you know, sends a message that looks like it’s coming from your friend.
It tags you and says you’ve been added to the Ugly List.
The message also includes a link you can click to see the whole Ugly List.
If you click, you’ll be brought to a page that looks just like the Instagram login page.
You’d need to enter your login and password before you can proceed, and that’s where they get you.
Once armed with your login and password, the hackers can start to message and tag all the people on your list with a similar message, and the vicious circle that keeps the scam alive begins.
And while reports don’t indicate that clicking the link or going to the fake Instagram login page in any way releases any malware — those malicious programs that could be used to steal information from your computer or handheld device — you never know. Other scams have done that, so you’re better off not taking any chances.
Even if you’re just handing over your contact list to a scammer, it’s still bad. The scammer can use the list for other frauds in the future.
Don’t let your curiosity get the better of you.
If this hack attempt sounds familiar, that’s because it’s a new version of an old strategy scammers have used to get people to click.
It’s reminiscent of those emails or Facebook messages you’d get from a friend (but of course the friend’s account was hacked) warning you that your sex tape has been posted online. Or that you can click a link to see the sex tape of a famous actor or musician.
Sex tapes, while a popular lure, aren’t the only way they try to tempt you to click. It could be just about anything, from a cute video about cats (why does the internet love cats so much?) or a damning report about a presidential candidate. Others impersonate legitimate companies that have supposedly emailed you so you can click and “verify” your account information.
Back to the Ugly List.
If you were tagged by a friend saying you’re on the list, contact the friend to tell them their account has been hacked, and instruct them to change their password.
If you were tagged by someone you don’t know, report it to Instagram.
And if one of your friends received a message from you about the Ugly List, change your password. That means you’ve been hacked.
Instagram offers the following tips to keep your account safe. It’s good advice for any online account, so the tips are shown here in their entirety:
1. Pick a strong password. Use a combination of at least six numbers, letters and punctuation marks (like ! and &). It should be different from other passwords you use elsewhere on the internet.
2. Change your password regularly, especially if you see a message from Instagram asking you to do so. During automated security checks, Instagram sometimes recovers login information that was stolen from other sites. If Instagram detects that your password may have been stolen, changing your password on Instagram and other sites helps to keep your account secure and prevent you from being hacked in the future.
3. Never give your password to someone you don’t know and trust.
4. Make sure your email account is secure. Anyone who can read your email can probably also access your Instagram account. Change the passwords for all of your email accounts and make sure that no two are the same.
5. Log out of Instagram when you use a computer or phone you share with other people. Don’t check the “Remember Me” box when logging in from a public computer, as this will keep you logged in even after you close the browser window.
6. Think before you authorize any third-party app.
And finally, if your account was the one sending these Ugly List posts to your friends, send them an extra message.
Let them know you think they’re beautiful.
It never hurts to give someone a reason to smile.
Have you been Bamboozled? Reach Karin Price Mueller atBamboozled@NJAdvanceMedia.com. Follow her on Twitter @KPMueller. FindBamboozled on Facebook. Mueller is also the founder of NJMoneyHelp.com. Stay informed and sign up for NJMoneyHelp.com’s weekly e-newsletter.