It’s like someone is switching off all the electricity around us. We built our Instagram profiles with so much love & passion, day after day, years after years. Growing our engagements, spending thousands of hours behind the screen, commenting, liking pictures. Trying to getting to know people and getting our name out there. It’s not easy as it seems! Especially if you’re one of those content creators or instagrammers that didn’t buy a single follower throughout the years, but sweated every single bit of what is Instagram.
I heard lots of stories these days. So many content creators are losing their profiles to random unknown hackers. It’s very sad when not only you lose your job but also your passion and years of trying and building your community.
So today I decided to write this blogpost to try and help – with all the resources I found online – anyone who’s dealing with this issue. (know you’re not alone in this!)
The first blogpost I credit it’s by Elise from WHAT the FAB, which experienced it herself. Here’s what she says:
On Friday afternoon, the unthinkable happened. My Instagram account @WTFab was hacked, and stolen right out from under me by Instagram hackers. It’s basically every influencer’s worst nightmare, and while I take a couple precautions with my account like enabling 2-step verification and occasionally changing my Instagram password, I never actually thought it would happen to me.
How her Account was Stolen by Hackers
Here Elise says: Hackers have now found a way to bypass Instagram’s 2-step verification. I was trying to jam through a few emails that had been sitting in my inbox unattended to the last couple days. One of them was an email from a brand called Sheike, asking what my rates are for an Instagram collaboration (this is a real brand, and I found out later the hackers have been using several different brands and their Instagram names in these emails). This is a really typical email that influencers receive on the daily. I scanned it quickly, clicked the link to Sheike’s Instagram page to check out their aesthetic, and responded back with my rates. I was not asked to log into my Instagram account and enter my password and username (other influencers who received a similar phishing email were prompted to log in), but I was already logged into Instagram on my browser. This was where the hack happened.
WHAT TO DO IF YOUR INSTAGRAM GETS HACKED 2020
The link. While the Instagram link at first looked legit to someone rushing through their inbox, looking back on it I realize that Instagram links do not get shared in that format. When you directly link to an Instagram photo, it looks something like this: https://www.instagram.com/p/BlgQs5dAsjZ/?taken-by=wtfab when linking through a desktop, or this: https://instagram.com/p/BlgQs5dAsjZ/ when linking through the app. Either way, the link in the email with the photo_135 is slightly off, and should have raised another red flag for me.
The URL when I hovered over the link. This is the most important part, and where the key learning lies. If you look at the screenshot, the link looks like an instagram.com URL. However, if I had taken the time to hover over the URL, I would have seen https://lindagram.ru/sheikeandco/ at the bottom left of my screen, which is obviously some phishing bullshit.
What you can do now to prevent it:
Have 2-step on. Have 2-step verification on for all of the things. While it didn’t help in this case, Instagram is working on building a non-SMS 2-factor auth, similar to what Google already has with the Google Authenticator app.
Suspicious links and email names. Be hyper-vigilant. Gone are the days where I’d try to breeze through my emails in an effort to get my unread emails number lower without paying serious attention to the sender’s email and all of the links (and links shown at the bottom of screen when you hover over a link). This was one of the hackers email: anyhirl92 @gmail.com , always check that if the name doesn’t ring a bell and it’s weird, don’t click on their emails or links.
Protect yourself from SIM-swapping hacks. I don’t actually think that a SIM-swapping hack was used in my case—I think my browser session was basically stolen and the hackers were able to access my Instagram account that way because I was already logged in on Chrome—but through my research from this unfortunate incident, I found a few recent articles about how to protect yourself against SIM-swapping hacks. Here’s another article about it if you’re into some light reading on how fucked phone hijacking is and preventative steps you can take.
Remove Suspicious Apps From Your Instagram Account. In the ‘Security’ menu you can find a list of apps and websites that you have given access to your account.
Save some posts or stories from your business account on a different (personal) account, so if the hackers will change your account name, you will be able to find it from those posts.
Try with Instagram Help Desk
In “Settings” – “Help” – click on “Report a problem”
- You have to provide all details to the Support Desk as quick as possible. Every minute matters! Be prepared to inform the Instagram helpdesk of the following:
- A brief description of the issue you’re experiencing, including the date you last had access to your account and how you lost access
- The email address or mobile phone number you used to sign up for your account.
- Your account name, new account name created by hackers
- The device you used to sign up for your account (example: iPhone, Android, iPad, computer). If you signed up on a computer or tablet, please also tell us which operating system you used (example: Windows, MacOS, Linux) when you signed up.
- Any previous usernames you’ve had on the account you’re requesting support for
- Very important: At the same time, you have to keep in touch with the hackers and keep conversation with them as long as possible not allow them to delete the account and to win some time for the Instagram support team to get on the issue and react (stillmiracle.com)
How to get your Instagram account back
- Locate the “change of email” notification from Instagram. Revoke access to the new email that they changed it to immediately.
- Change ALL passwords including email, facebook, bank and other Instagram accounts immediately.
- File a claim that your account had been hacked.
- Check your browser history or recently opened emails for the fishing link and then make sure not to click that again.
- Draft a response to your hacker. This can at least buy you some time.
Also stillmiracle‘s post where she says:
Eventually, after almost 2 hours of simultaneous communication with the hackers via email and Instagram support team, I received a life saving message and account recovery link from the helpdesk. I understood that I had to react quickly and change password via the link as quick as possible, which I did.
Instagram Hack 2020: What to do & How to Prevent it