NEW YORK (CBSNewYork) — We all try to put our best foot forward when posting pictures on social media, so imagine the embarrassment when one of your friends tells you that you’ve made one of the Internet’s “ugly lists.”

“Some mean people had made a list of the ugly people on Instagram,” one young woman said.

As CBS2’s Jessica Moore reported, the woman was shocked and upset to hear that her picture was on the list.

“I got really mad,” she said.

She’s not alone.

“I get tagged by my friends saying ‘tell me why you’re on this ugly list,” one young man said.

Imagine being labeled as ‘ugly’ for 500 million Instagram users to see.

“People were like ‘oh, I can’t believe I’m on the ugly list, I got to see this,” one woman said.

When they clicked on the link they got more than they bargained for. They got hacked.

“This scam, like so many scams has to do with an emotional hook,” said Better Business Bureau President Claire Rosenzweig.

Rosenzweig said the ugly list is all just a ruse.

“It takes them to a site that looks like the Instagram site, asks for their password, the person thinking it’s the Instagram site, will enter their password,” she explained.

Ryan Olson, the intelligence director for the elite team of cyber security experts at Palo Alto Networks said it’s an attempt to get your information.

“You might have used the same password for your bank account or for your credit card account,” he explained, “Our job is to figure out what bad guys are going to try and do.”

When it comes to phishing scams like the ugly list, Olson said it works by casting a wide net and then playing off of people’s insecurities.

“They’re driven by the desire to know, am I on the list or not?” he explained.

Cyber threat expert Chase Cunningham said millennials are increasingly becoming targets of the scams because they’re the primary users of these sites.

“It’s the perfect storm,” he said.

Instagram prohibits people from using their service for illegal or unauthorized purposes, and has setup a page for users to report abuse. Experts say the bottom line is think before you click.

“Anytime you are getting unsolicited notifications red flags should go off,” Rosenzweig said.

Cunningham created a free security app called Cynja-Space. It can filter the content on your device and will alert you with a message should it detect something fraudulent.

&nbsp