Hacked on Instagram: A Scrollable Cybercrime

You get a notification: someone’s liked your story! What a thrill. You get that familiar twinge of excitement and you click on the notification. This time things are different. You can’t get into your Instagram account. You panic. Before you throw your phone across the room and retreat to the couch with tears in your eyes, screaming: “Is my Instagram account hacked?”, there is hope!

Before we dive into what you can do to prevent and recover your account should it be hacked, let’s explore why Insta is so susceptible to hacking.

Why is everyone getting hacked on Instagram?

According to Consumer Reports, we may be experiencing an Instagram hacking frenzy. Because there were 1.21 billion monthly active users of Insta in 2021 – with that number forecasted to grow to 1.44 billion by 2025 – ‘gram has become an easy target. In 2021 alone, over 28% of the world’s internet users were scrolling away.

As of January 2022:
● India has the largest amount of users with over 230 million spread across the country
● The United States has the second largest audience with almost 160 million folks checking out and posting their own photos and stories

As of May 2022:
● Instagram’s own account boasts 504.37 million followers
● Christiano Ronaldo has more than 440.41 million followers
● Speaking of the Portuguese footballer, the average value of Ronaldo’s posts was over $985,000 USD
● The most liked post was Photo of an Egg (@world_record_egg) with 55 million+ likes

@world_record_egg only has one post, and it’s held the record since 2019.

UPDATE — December 2022 :
● Lionel Messi’s World Cup victory post amassed over 67 million likes. He beat the egg!

The Glamor of the Gram

Besides giving us FOMO (Fear Of Missing Out) when our friends go on a tropical vacation and we’re stuck at home during a blizzard, it’s estimated that 9.5% of Instagram users are bots. That doesn’t seem to deter us as Insta has 1 billion monthly active global users. This translates to 500 million active daily users globally.

From the glamorous “unedited” posts from our fave celebs to the wrinkle-smoothing filters we put on our stories, we can’t get enough. People spend an average of 29 minutes a day on Instagram with the under 25 set scrolling for 32 minutes and those over 25 taking in 24 minutes a day of posts and pics.

Hackers know this and know exactly when to strike because engagement with Instagram happens at very distinct times (no matter which time zone you’re in):

 

Who’s at risk? Hint: All of us

In a world of online organized chaos – looking at you, Elon and Zuck – while we’re all watching eggs and soccer stars, hackers are busy determining which one of us would make an easy target. The problem? We’re all easy targets on Instagram. Most of us create passwords that are easily guessable and don’t use two-factor authentication (more on that below).

Jonathan Simon, Director of Marketing and Communications at the Telfer School of Management at the University of Ottawa – say that five times fast! – says hacking leads to access. A successful hacker collects numbers; credit card numbers, PINs, digital log-ins, addresses, etc. If there’s a number involved that will lead to a payoff, your hacked Instagram account is the least of your worries.

Additionally, Dan Guido, CEO of security firm Trail of Bits, says Instagram doesn’t take kindly to hacks but not in the way we want. Instagram has been mostly uncooperative when users lose their account access. The reason could be lack of staff. With only 450 employees tasked to service 1 billion active users, it may be impossible to help out everyone. In contrast, Facebook – Insta’s daddy – has 58,000 employees to deal with a user base of 2.9 billion.

Popular Instagram scams: Let’s link up

April of 2022 saw the Instagram account for Bored Ape Yacht Club compromised via a phishing attack. The hacker walked away with $3 million worth of NFTs. And it’s not just the crypto world that’s hurting. Twelve-year-old Gabriel Clark, a woodworking prodigy with 256,000 followers had his account targeted and the money he raised for Ukrainian children affected by war gone.

Insta scams like phishing where a hacker pretends to be someone they’re not, are the tip of the picture-perfect iceberg:

1) The fake message

When you get a message from a friend who purports to have been hacked. There’s a link in the message asking for help, money, or your personal info.

2) Game of lying thrones

When you’re playing a game online and it asks you to log into your Insta for either more lives, coins, or whatever is needed to win the game.

3) Unreal DMs

These direct messages appear to be from a real Instagram or Facebook employee (or Meta employee) asking you to verify your account or letting you know that you’ve violated Insta’s Rules and Policies. The message will ask you to click on a link within 24 hours because your account will be disabled. How do you know that a message like this is fake? Instagram and Facebook will never send you a direct message. To let you know about a problem with your account, they will email you.

4) Email fraud

If you do receive an email from Instagram or Facebook letting you know that there’s an issue with your account, check the sender’s address. If it does not end with instragram.com, or facebook.com, it’s not from the company, it’s a scammer.

5) Stinking link

Links are very easy to fake. A link that comes from a brand or person you admire may not be real. Even links that appear to be from https/instragram.com can be faked. Before clicking on any links on Instagram, right click on it, then copy and paste it to your notes app. This will show you if the link is legit.

6) Counterfeit collabs

Whether you’re an influencer or not, you may still receive collab messages. You could receive a link from a fake brand – they’ve pulled out all the bells and whistles to make themselves appear legit – asking for a free shared post. They’ll prompt you to click on a link to set up your profile in their system. Free is never free on the Internet so be careful before clicking on any links and google the brand to make sure they’re real.

How to protect yourself from an Insta hack

If you’ve been hacked before and fallen prey to an Instagram scam, first don’t be so hard on yourself. In 2020, 200,000,000 accounts were breached. Plus, according to Search Engine Journal, it takes hackers less than 10 minutes to take over an unsecured account.

To protect yourself from being on the receiving end of a hacked Instagram account do the following:

Give your password the strength to survive

A strong unique password goes a long way. Your dog’s name and birthday? Not unique. You may think you’re the only one on the planet with a dog named Charlie who came into this world on October 1st, 2017 but you’re not.

Important dates, names, and people in your life, don’t make great passwords. Your password should comprise a string of characters – at least 16 – because those are harder to break. If you use a password manager app, it will suggest a strong password. It will also let you know before you set your password if what you’ve chosen is weak. Don’t ignore this prompt: a weak password is a hackable password.

All the factors ever

Multifactor authentication (MFA) aka two-factor authentication (2FA) is another great protector. When you use MFA, you’ll be sent a code after your password is entered. This code will be sent via phone or email. If possible, choose email since it’s more secure than a text message.

Is your email even secure, bro?

Most of our accounts whether they’re social media, banking or pretty much anything we do online, are linked to our emails. Once a bad actor gets hold of your email – and we’re not talking about that time Ben Affleck played Batman – you can probably say buh-bye to your Instagram account. These bad actors know how to hack in someone’s Insta easily once they have your email address.

This is where MFA comes in (again). To avoid being the owner of a hacked Instagram account, ensure your email is secured via MFA or email encryption.

Say HECK NO to 3rd-party app access

When you’re signing up for a third-party service or product, you may be asked if you’d like to create your account with your Instagram credentials. For example, if you are purchasing tickets to an event or using a dating site, don’t give the third-party app access to your Insta. If that third-party’s database is targeted, your personal info will be exposed, giving horrible people free rein over your data.

You may currently be signed up for various third-party apps from years ago that have experienced a data breach creating a feeding frenzy for hackers on your personal information. It’s important to manage third-party apps and to do so, open your Instagram profile on your desktop. Go into Settings then Apps and Website. You’ll be privy to a list of apps you’ve authorized. Anything suspicious deserves to go with a click of the Revoke Access or View and Edit button.

How to recover a hacked Instagram account

If you suspect your Instagram’s been hacked or you cannot log in even though you are using the right password and username, act quickly:

Check your email ASAP

Look for an email from security@mail.instagram.com. This email will let you know that something is wrong whether someone is trying to access your account or that your password has been changed. The email will ask if you are the one responsible for the change in password etc. If the hack is in its early stages, you may be able to undo the damage via the Revert this Change option in the email.

Link me up, Scotty!

If you still can’t log in after several attempts, you’ll need to request a login link from ‘gram. On the login screen, there is a Forgot Password option for iOS and a Get Help Logging In option for Android users. This will whisk you away to Insta’s login troubles page. For iOS, hit Send Login Link. For Android, hit Next. You’ll then be asked to enter a secure email address. Keep your eyes peeled for an email from Instagram with information on what to do next.

Code red

If you’ve tried the first two steps and you still can’t access your account, you’ll need to request a code. Click the Help Us Recover Your Account screen then select I Can’t Access This Email or Phone Number. Next, you’ll be given a form to fill out. Hit My Account Was Hacked then Request Support.

The moment your request is submitted, you’ll get an auto-response email from Instagram’s security team. The message will ask you to verify your account by taking a pic of yourself holding a piece of paper with the handwritten code they’ve provided for you and the email address and phone number you signed up to ‘gram with. You’ll also need to provide the type of device you used when you signed up (iPhone, iPad, Android, Chromebook etc.).

Hacked today, secure tomorrow

Getting hacked on Instagram is common but if you take the necessary steps to protect yourself, you won’t have anything to offer scammers. Insta hacks take place when we don’t secure our own accounts but if you create the right password, use MFA, and avoid suspicious links, your Instagram will remain yours.

Alternatively, are you trying to access Instagram but are geo-restricted or blocked by your ISP? See our comprehensive guide on the best VPNs for Instagram to browse safely and securely. 

Now go upload those pics from last night. You know everyone wants to see them.

Sources:
● https://later.com/blog/instagram-account-hacked/
● https://www.architecturaldigest.com/story/what-to-do-if-your-instagram-account-gets-hacked-stolen-or-deleted
● https://buffer.com/library/how-to-avoid-getting-your-instagram-account-hacked-and-what-to-do-if-it-happens/
● https://www.makeuseof.com/how-instagram-hacked-stop-it/
● https://techxmedia.com/why-do-instagram-accounts-get-hacked/
● https://thepreviewapp.com/hacked-instagram/
● https://www.theglobeandmail.com/business/article-instagram-account-hacked-recover-tips-cybersecurity/
● https://www.statista.com/statistics/183585/instagram-number-of-global-users/#:~:text=In%202021%2C%20there%20were%201.21,of%20the%20world’s%20internet%20users
● https://en.wikipedia.org/wiki/List_of_data_breaches
● https://www.searchenginejournal.com/instagram-account-hacked/397044/