SafeHome.org may receive compensation from some providers listed on this page.
You’ve got some time to kill, so you decide to see what’s happening on the ole Instagram. There are memes to be seen and people’s lunches to catch up on, after all.
It’s asking you for your password, though. That’s weird. It never does that…
Now why isn’t your password working?
Your friend checks their account, and it looks like someone posing as you is using your platform to shill cryptocurrency scams or beg your close friends to Venmo them cash.
Well this is no good.
It’s no fun when someone changes the password on one of your accounts, and not just because you’re missing out on the latest celebrity gossip. Unlike this year’s worst ransomware attacks and nastiest COVID scams, which usually resolve themselves, the Instagram account takeovers happening today are often the means to a darker end.
The intel on the latest round of Insta hacks suggests that grifters are using hacked accounts as pawns to gain access to their followers. In other words, they break into your account and then use it to expose a much larger group of victims to malware and scams.
You’re reasonably careful, as in you don’t have passwords like 12345! or SHIALEBEOUFISGOD. You use a VPN when you’re connecting to the internet in public. You don’t click on random links in emails or SMS you’re not sure about.
All good. But in preventing account takeovers, it might not be enough. IG fraudsters may have already had your data from the last monster Facebook data breach back in 2018. Remember, IG logins go for $45 a pop on the dark web, a pretty safe investment when you consider that the average IG user has 150 followers.
As long as the cybercriminals haven’t broken into your email or SIM jacked your phone, one of the following steps should have you covered.
One of the easiest ways to regain control of your account is to revert the change to your password. If you suspect someone else is using your account, check your inbox for an email from security@mail.instagram.com — you might have lucked out and they sent you a request to confirm a change to your account. If you find that email, click “revert this change.” Boom. Now the scammer doesn’t have access to your account anymore.
If the fraudsters went the whole hog and changed both your email and password, which is likely, you’ll need to request a login link. You can do this by asking Instagram to send you a login link via email or SMS. Just tap “get help” on the login screen to start the process. Again, the hackers won’t be able to intercept the link unless they’ve taken over your email or SIM card. IG will lead you through the rest of the process.
If the login link method doesn’t work, you can ask Instagram support to send you a one-time security code by following the same instructions on the login screen.
So a cyber scammer took over your IG account and you lived to tell the tale. It’s not the end of the world. I mean, you could have lost your Social Security number in the latest mammoth T-Mobile data breach.
But still, fraudsters broke into one of your accounts, and it doesn’t feel good. Here’s what you can do to make sure it never happens again.
Ok, this is Digital Hygiene 101. If you don’t have two-factor authentication set up for your IG account already, you should do it now.
With 2FA, no one can log in to your account without a one-time password (OTP) sent either via email or SMS. So that thief who snuck past your radar and into your account and changed your email because you missed the change of address notification? With 2FA that can’t ever happen.
A lot of us set up 2FA with email or SMS notifications. This is a lot better than nothing. But as the folks at Apple have shown us with their latest awesome iOS privacy upgrades, the safest way to use 2FA is with a free authentication app like Authy or Google Authenticator.
Normally, I’d just recommend a good free password manager like Firefox’s Lockwise or Google Password Manager. They’re free and secure ways to store strong passwords right in your browser.
FYI: There are tons of great services out there, but plenty of identity theft protection services you’ll want to avoid. You don’t want to put all — or any, really — of your digital eggs in these baskets.
But the IG imposters mentioned previously were harvesting breached data, meaning that it really didn’t matter how strong the password was because the hackers stole it from Facebook, not the user.
And this won’t be the last time. Mega breaches aren’t going to go away overnight, even with Google officially entering the cybersecurity fray.
In this case, not even a subscription password manager like 1Password would notify you until the breach went public. But a best-in-class identity theft protection service would alert you, because it would be crawling the dark web for your credentials 24/7. As soon as your login info went up for auction on the darknet, you’d get a message on your phone.
Game over for the Insta crooks.
Many of us are savvy about avoiding third-party apps on social media platforms like Instagram. It’s 2021 and it’s practically a Pavlovian response from past bad experiences. You downloaded an app, Facebook didn’t protect your info, and your data went up for sale, maybe not on the dark web, but to a Purdue-sized data farm. Not a good feeling.
But you should be careful with any third-party apps. After all, the GriftHorse hackers conned 10 million users out of over 100 million dollars in broad daylight with apps for sale on Google Play.
So, along with two-factor authentication and ID monitoring, be very selective in the apps you download onto your devices, and be even more careful about giving any sensitive details or permissions to those apps.
Getting scammed is no fun, especially when the scammers are using your profile to scam your friends and followers. But the good news is that, while you can’t control who breaks into Facebook, you can easily stay one step ahead of Insta crooks. All it takes is a little proactive digital hygiene.
The most important step you can take against app hackers is to toggle on 2FA. They simply won’t have any way to worm into your account that way.
Then consider an ID monitoring service. You’ll get advance warning if any of your logins ever do go up for sale on the dark web.
Finally, download third-party apps sparingly. They could be harboring malware, even if you found them on Google Play or the Apple Store.
Oh, and if you did get hacked and do get back into your IG account, make sure to let your followers know what happened. The IG fraudsters used your followers to commit their crimes. You can use those same numbers to put them out of business.