Phishing scams are an effective tool for cybercriminals. They trick their victims into clicking on a malicious link, which allows them to steal credentials, personal information and even money.
When I think about phishing attacks, official-looking fake emails usually come to mind. Take our phishing IQ test to see if you can spot a fake email. However, there is a scary phishing scam spreading through a certain social media app that you need to be worried about.
A scam known as the "Ugly List" is making its rounds on Instagram. Users are being tricked into thinking one of their friends has tagged them in a mean-spirited post. Anyone can fall for this cruel clickbait, but teens could be particularly vulnerable to this phishing attack.
It works like this. The victims get a notification from Instagram saying they've been tagged by a friend in a post called "Ugly List 2016." How rude! Inside the notification is a link, which supposedly takes you to the Ugly List post. The link is actually a phishing scam.
If you click on the malicious link, it takes you to a page that looks like the Instagram login. You have to enter your username and password before you are able to see the Ugly List.
Warning! Do not click on the link in the notification, the login page is a fake.
Once the scammers have your Instagram credentials, they could get into your account and tag your followers in the Ugly List posts. The scam would keep spreading and the attackers could steal more information.
How to avoid phishing scams
Phishing scams are not limited to emails. Scammers are lurking everywhere, delivering malicious links in many devious ways.
Here are some things you can do to avoid being a victim of phishing scams:
- Be cautious with links - If you get an email or notification from a site that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.
- Do an online search - If you get a notification about something like the "Ugly List," you should do an online search on the topic. If it's a scam, there are probably people online complaining about it and you can find more information.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.
- Use multi-level authentication - When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts.
- Have strong security software - Having strong protection on your family's gadgets is very important. The best defense against digital threats is strong security software.