Instagram hackers have recently hit upon a new money-making scheme that is leaving small business accounts at the mercy of illegal activity. Historically, Facebook and Instagram hackers would use social media phishing campaigns to target corporate and influencer accounts with a lot of followers. The hackers gain control of the account through phishing, then hold it hostage until the owner agrees to pay a ransom to get it back. At the moment, the platforms have seen a huge surge in the number of reported hacked accounts and, sadly, the larger accounts are no longer the only targets. Small business Instagram accounts and even personal profiles are being scammed into believing a seemingly flawless (to the untrained eye) email or alert designed to trigger them to engage with the scam and provide their login credentials. It’s the perfect storm because once the hackers have the data, they log you into Facebook or Instagram anyway, so initially it appears as if nothing is wrong at all.
How do Instagram accounts get hacked?
The attackers’ messages vary, but the two most common are:
- They accuse the Instagram account owner of copyright infringement and threaten to delete the account unless the target fills in an appeal form. They then either direct message a link or send an email with a link. When the target clicks on the link, they are taken to a phishing landing page that resembles the target’s account and prompts them to log in.
- They excite the Instagram account owner with the possibility of receiving a ‘verification tick’ on their account. The tick carries something of a raised status on the platforms and authenticates the brand or account as legitimate.
Once the victim has signed in, the hackers have their login information. They can then immediately log in and change the victim’s password and backup security credentials in seconds.
Once the Instagram account is hacked
Often, they then modify the account profile so that it includes a phrase such as “this Instagram account is held to be sold back to its owner,” followed by a contact link. Worse, some start asking the account’s loyal followers for money, using a story they make up. Many followers fall for this scam, thinking they are giving money to the original owner out of compassion.
If the hacker wants to chat to the owner and a ransom is involved, it will often lead to a WhatsApp chat where the hackers make the ransom demands. If the victim doesn’t initiate contact via the profile link, the hackers will start sending text messages to the phone number associated with the account to prompt negotiations.
Hacked Instagram accounts are held for ransom
We have had clients with demands as low as $50 USD and have heard of demands as high as $40,000 USD. Often the hackers ask for the ransom in a cryptocurrency such as bitcoin, or to be transferred in a very obscure way.
Hacking Instagram accounts is not new. Instagram influencers have frequently fallen victim to fake promotions and/or offers, only to lose their accounts. By using the fear of loss, copyright claims, or legal action, hackers get their victims to react quickly and rashly. This knee-jerk reaction of clicking on a link is not new either. Hackers are now becoming bolder and using more cunning ways of gaining access to your information than ever.
Prevent your Instagram account from being hacked
First of all, we highly recommend that all our clients have Two-Factor Authentication (2FA) on all their social media accounts, including Instagram. This adds an additional level of defense and is pretty simple to set up. Your devices should ALWAYS have traditional virus and phishing security software installed and running in the background.
Setting up Two-Factor Authentication on Instagram
If you do not have 2FA on your Instagram account:
- Tap your profile picture in the bottom right to go to your profile.
- Tap in the top right, then tap Settings.
- Tap Security, then tap Two-Factor Authentication.
- Tap Get Started at the bottom.
- Choose the security method you want to add and follow the on-screen instructions.
You will be asked to use a third-party authentication app such as Duo Mobile or Google Authenticator. After you set up 2FA you will be able to see login requests and remove trusted devices. We encourage users to be very careful when trusting devices rather than using 2FA every time.
Using Meta Business Suite
Make sure your Facebook pages and Instagram pages are linked securely within Meta. It also helps if you open an Ad Account, even if you are not yet using paid advertising.
CONTACT US IMMEDIATELY: What to do if your Instagram account has been hacked
A good point to remember is that any emails sent to you regarding your Instagram account will be from “firstname.lastname@example.org”. A sender address can, however, be masked to look like it has come from there, so before you open a message, or at the very least before you follow any links in it, verify that the sender or email address is who should be sending you those links. Also, check each link by hovering over it and look for any discrepancies before clicking. Following any link that is not from Instagram or Meta is never a good idea.
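The hover check described above can also be run over a saved HTML email. This is an added example, not part of the original article: it lists each link's real destination host, flags hosts outside an assumed allowlist of Instagram and Meta domains, and flags visible link text that names a different host. The allowlist, function names and sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: domains accepted as "from Instagram or Meta" (not listed in the article).
TRUSTED = ("instagram.com", "facebook.com", "meta.com")

def host_of(url):
    """Hostname of an http(s) URL, lowercased; None for anything else."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed address in the link
        return None
    ok = parts.scheme in ("http", "https") and parts.hostname
    return parts.hostname.lower().rstrip(".") if ok else None

def is_trusted(host):
    # Exact match or true subdomain, so "instagram.com.appeal-form.example" fails.
    return host is not None and any(host == d or host.endswith("." + d) for d in TRUSTED)

def shown_host(text):
    t = text.strip()  # visible link text; only compared if it looks like a URL
    looks_like_url = bool(t) and " " not in t and "." in t
    return host_of(t if "://" in t else "https://" + t) if looks_like_url else None

class _Anchors(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(tuple(self._cur))
            self._cur = None

def audit(html):
    parser = _Anchors()
    parser.feed(html)
    parser.close()
    return [{"host": host_of(h), "trusted": is_trusted(host_of(h)),
             "mismatch": shown_host(t) not in (None, host_of(h))}
            for h, t in parser.links]

# Constructed sample email body using reserved example domains.
SAMPLE = ('<a href="https://instagram.com.appeal-form.example/login">Fill the appeal form</a>'
          '<a href="https://help.example.net/verify">https://www.instagram.com/accounts/verify</a>'
          '<a href="https://help.instagram.com/">Help Centre</a>')
```

A link that is untrusted or mismatched should not be followed; a trusted result only means the host passed this list, not that the message is genuine.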
If you are dealing with Instagram regarding an issue with your account, you will likely be required to verify your identity, so don’t be alarmed. Usually you have to submit a photo of yourself holding valid ID. Block out with your fingers any parts that they do not require. Never send a photo of your full driver’s licence, for example. Be sure to respond to any messages from them within 48 hours, as tickets automatically close and it can be a very frustrating situation if you miss a chance to reply.
If you suspect a hacker could be using a phishing attack on you, it goes without saying: do not click on any links without checking them out fully first. If you have already followed the links and have possibly had your account hacked, contact us at Frankly Organised and complete our fast enquiry form. We have a very credible history of working with account owners (and sadly, sometimes the actual hacker) who have taken over social media accounts.