Skip to main content Skip to search
Start Your Free Trial

CBS: ‘Ugly List’ Instagram Phishing Scam Targets Children, Young Users

There’s a new social media phishing scam designed to steal Instagram users’ passwords, and it’s not pretty.

Called the “Ugly List,” the scam works like this: you get a notification from someone on Instagram telling you that you’ve made the “Ugly List,” or in this case a list of ugly people on Instagram. That notification contains a link. It’s basic human nature to want to click it — but you shouldn’t. It’s a con that takes victims to an Instagram-style phishing site designed to trick you into logging in to steal your username and password. Why? You may use the same password for your banking or credit card information.

In a recent feature, CBS New York interviewed A10 Networks Director of Cyber Operations Dr. Chase Cunningham about the “ugly list” scam. This particular plot hit too close to one of Cunningham’s passions: protecting children online.

A U.S. Navy veteran, Cunningham is also the co-founder of The Cynja, a graphic novel series and mobile application developed to educate children on the perils of certain types of online activities and empower parents to monitor and control their childrens’ online behavior. Watch the full CBS report:

What should you do if you get an “Ugly List” notification?

  1. Delete it/don’t click it
  2. Notify Instagram
  3. If the notification came from a friend, let them know they’ve been hacked

Read more cybersecurity articles on the A10 blog.