Scam of the day – July 12, 2016 – Instagram Ugly List scam

A recent scam that has been victimizing people starts when you get an Instagram notification telling you that you have been tagged in a post called “Ugly List 2016.”  To make things worse, it appears that it is a friend of yours who tagged you.  The notification contains a link to enable you to see the full post.  If you click on it, it takes you to what appears to be the Instagram log in page where you have to type in your username and password in order to see the full Ugly List 2016.  However, the log in page to which you were directed by the link is a phony and if you type in your username and password, you have just turned over that information to a hacker.  The hacker, in turn, may send out Instagrams that appear to come from you including new Ugly List 2016 tags to your friends.

But why, would a hacker do this?

Certainly sometimes it is just done to embarrass people, but other times it is done to get people to turn over their usernames and passwords to the cybercriminals who count on many people using the same usernames and passwords for all of their accounts including online banking and other online accounts that have information that can be used by the cybercriminal for purposes of identity theft.


In regard to this particular scam, it is important to remember that there is no Ugly List 2016 so do not respond to it.  It is also important to remember when you are contacted by your friends through social media or even through emails or text messages, you can never be sure that any links contained in these communications that you are urged to click on are legitimate.  They may be tainted with malware.  Remember my motto, trust me, you can’t trust anyone.  These messages that appear to come from your friends may indeed come from their accounts which have been hacked and sent by an identity thief.  Never click on links or download attachments in emails, text messages or on social media until you have absolutely confirmed that the communication is legitimate.

As for your passwords, it is important to have a complex an unique password for every online account you have.

Scam of the day – November 4, 2014 – Instagram counterfeit check scam

Many years ago there was a popular cartoon character named Pogo, who transformed the famous words, “We have met the enemy and he is ours” spoken by Admiral Oliver Hazard Perry following a naval battle into “We have met the enemy and he is us.”  Pogo’s version may well apply to the many of us who don’t realize that whenever we put too much information online through social media we are providing information that can be used against us in a multitude of ways.  Postings on Facebook and other social media can be used by identity thieves and scammers to learn the answers to your security questions and also provide information to make you a target of spear phishing where you receive an email that appears to come from someone you know or a company with which you do business.  Putting personal information such as your birthdate and address on social media makes it easier for an identity thief to steal your identity.

Recently federal prosecutors in Minnesota brought counterfeiting and other charges against 28 people who created counterfeit checks using the banking information contained on checks that have turned up on Instagram photos with the hashtag #myfirstpaycheck.  It is a simple matter today to create checks with the account number and bank routing information contained on a check.  It is also just as simple for counterfeiters to search Instagram for the popular hashtag #myfirstpaycheck put up by naive new employees.


Certainly no one should take a photo of any check and put it up online or on any social media website.  However, you should also limit, as much as possible the personal information you provide online and through social media that in the hands of an identity thief can be used to make you a victim of identity theft.  Don’t include your birth date, mother’s maiden name or other personal information on social media that can be used to make you a victim of identity theft.  Don’t make an identity thief’s work easy.

Scam of the day – August 4, 2014 – Instagram hacking threat

Instagram is a great app for sharing photographs and videos, however, it has recently been discovered that it can be easily hacked when it is used with public WiFi.  The core of the problem is that Instagram accounts do not communicate over an encrypted program.  An easy way to see if you are communicating by way of an encrypted program is to look at the web address and see if it starts with “https.”  If it starts with “http” without the “s,” your communication is not being encrypted and is not protected.  Hackers can obtain personal information such as your username, password and photos by hacking into public WiFi, which is easily done.  Perhaps the most disturbing part of the recent revelation that this security flaw exists is that  Facebook, the owner of Instagram has been aware of this problem for two years.  Facebook officials say that they are still working on moving to “https,” but frankly this process should not take this long.


Never communicate anything of importance online unless the data is encrypted.  Look for the “https” when communicating with any website with which you are sending personal information, particularly financial information such as a credit card.  You should avoid using Public WiFi for anything of a confidential nature since you cannot be sure if you are using the real Public WiFi or one that is set up by a hacker sitting close by who is capturing all of your data.  In addition, even if you are using the real Public WiFi, that system is easily hacked so, unless your communications are encrypted, you are in danger of identity theft.