If you’ve recently been sent several poorly spelt messages from someone you know on Instagram, saying that you were spotted on a “Nasty List”; it’s best that you ignore it altogether. Like all messages of such nature, it’s a scam designed to coerce unknowing users into divulging their login credentials to further promote said scam.
According to BleepingComputer, the scam is spreading its way across the app via hacked accounts. Once hacked, the affected accounts will then be programmed to send out the grammatically-butchered message to followers of the account.
The message more or less reads “OMG your actually on here, @TheNastyList_34, your number is 15! its really messed up”. The number after the underscore changes with each user, and so does the message every time someone visits the profile listed in the message. The one consistent piece of content in all these messages, however, is a URL listed as “nastylist-instatop50[.]me”.
Opening the URL will bring you to a passable, legitimate-looking Instagram log-in page. Were it not for the obvious link that is listed at the top of the page.
Should you happen to find yourself a victim to the “Nasty List”, the first thing you’ll need to do is verify your account is using the correct phone number and email address. Directly after that, you’ll want to enter your account’s Privacy and Security Settings, and proceed to change your password from there.