As more people use online platforms to make money, the chances of those platforms being hacked increase. Instagram is no different, and every day we see more reports of Instagram accounts being hacked.
The media has told plenty of these stories recently. "Instagram Hacked," headlines shout as more people fall victim to the scam.
However, the platform has been slow in addressing the problem or helping those affected. Instagram customer service has been subject to harsh criticism during the process.
How does Instagram tell you to recover hacked accounts?
These are Instagram's tips for when you discover that your account has been hacked. You may have already done some of these steps.
Check your email account for an Instagram message
Often, changes such as someone changing the email address on the account can be reversed.
Get a security code sent to your email address or phone number
Click on "My login information does not work" on the login screen and Instagram will prompt you to have a security code sent by SMS or email. Enter the code and recover the account.
Report the account and then provide identity verification documents
Follow the same steps as above (forgot password / login help -> ‘my login details don't work’). Include an email address that only you have access to.
Instagram will automatically write to that address to request identity verification. Usually, you will be asked for a picture of yourself holding a piece of paper with a code that they provide. This is compared against the selected photos or other photos on the account. You must also confirm the email address / phone number and the type of device used to register.
For companies, different information can be requested. Of course, you should make sure to send an email from an official company address if you can. This is much better than a shared or similar Gmail account.
How are Instagram accounts typically hacked?
Although hackers have stolen some high profile accounts, they increasingly focus on "bread and butter" users and small business accounts. They go after those who rely on their presence on Instagram for their income and who have a non-negligible following.
The ransom demands can be relatively small by the standards of online ransoms. Many people choose to pay, rather than risk losing access to their list of followers and their potential source of income. Users are even more inclined to pay the ransom and recover access to their accounts because of the lack of response from the platform itself.
Hackers are particularly interested in any account based on a single word or first name. These can be traded on underground forums for many thousands of dollars.
The Process: Weak Passwords
On a very basic level, accounts can be compromised by a hacker who guesses the password.
This can be as simple as guessing a brand-based password (hopefully Nike does not have the password ‘nike123’!). It may also involve trying a password that has been breached on a different service.
That is why it is very important to use a unique password for each login. Password managers help to "remember" them, but given how often passwords are breached, it is very important not to use the same password again.
You can check whether your email address has appeared in a breach of hacked accounts using a tool like Have I Been Pwned, a service run by Australian security researcher and Microsoft ‘MVP’ Troy Hunt.
If you are sharing logins between team members, it is important that you still use complex passwords (many password managers have sharing features!) or products such as Sked Social. We offer an unlimited number of "collaborator" users at no additional charge so that you never have to share passwords (for Instagram or to log in to Sked).
The Process: Phishing
The approach is quite sophisticated, and hackers take their time to establish their false credentials before attacking.
They begin by posing as a representative of a high profile company that operates in the same line of business as the target user. After an introduction and the offer of a possible partnership deal or similar, they will ask the victim to follow a particular link.
Unfortunately, the link is a trap, and the user will reach a page that looks like a real Instagram login portal. When the victim tries to log back in to their account, their data will be sent to the hacker, and the victim's credentials will be compromised.
This is called "phishing": when you click on a link in an email like that and are sent to a login page, make sure it is on the correct domain (for Instagram, it should show www.instagram.com!).
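The domain check described above can be made mechanical. The following is an added example, not code from the original article: it parses a link and accepts it only when the host is exactly the expected one, catching the common lookalike patterns. The function name, the sample links and the decision to also accept the bare instagram.com are assumptions of this example.

```python
from urllib.parse import urlsplit

# www.instagram.com is the domain the article names; accepting the bare
# instagram.com as well is an assumption of this example.
TRUSTED_HOSTS = {"www.instagram.com", "instagram.com"}


def check_login_url(url):
    """Return (ok, reason) for a link that claims to lead to the Instagram login."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # Everything before '@' is userinfo; the real host comes after it.
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "lookalike (non-ASCII or punycode) host"
    if host not in TRUSTED_HOSTS:
        # A trusted name used only as a prefix or substring does not count.
        return False, "host is " + host
    return True, "host matches"


# Constructed sample links; .example is a reserved TLD, none is a real site.
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "http://www.instagram.com/accounts/login/",
    "https://www.instagram.com.login.example/accounts/login/",
    "https://www.instagram.com@login.example/",
    "https://www.instagr\u0430m.com/accounts/login/",  # Cyrillic 'a'
    "https://instagram-help.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_login_url(link), link)
```

The comparison is an exact match on the parsed hostname, because a check that only looks for "instagram.com" somewhere in the address passes every lookalike in the sample list.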
Armed with this data, hackers log in, change the email address, phone number and password, and the scam is underway. Usually, they contact the victim and ask for a ransom that, on average, can be only a couple of hundred dollars, but that has to be paid in Bitcoin.
Unfortunately, the story may not end well even if the payment is made, since the bad guys have been known to wipe the account anyway.
How Instagram responds
Instagram has been aware of this trend for a long time. Initially, they would acknowledge receipt of the information through an automated response and would continue to send generic or unhelpful mail in response to any follow-up.
However, they have been more vigilant as the problem continues to grow, and they are now beginning to suggest a more stringent account security configuration.
The new approach is based on two-factor authentication through an application that can be downloaded to the user's smartphone.
This avoids the additional problem of SIM hijacking, where a hacker takes over a user's phone number and, consequently, can intercept any confirmation code sent by text.
It is not clear whether Instagram will continue to offer the user (or a possible hacker) the option to request a text message, since two-factor authentication based on a mobile phone is a standard technique in the industry.
Taking a selfie for Instagram
In response to this type of threat, Instagram seems to have another answer. They may ask the victim to present proof of identity along with a specific code.
The platform will send them a code, and the user will be asked to return a selfie where they must hold a white paper (with both hands visible) that contains the code.
Instagram staff members will check the identity with the images contained in the account to determine if they are the same person.
If the selfie matches the account owner and the code confirms it, then Instagram can comply.
As we mentioned earlier, this may be less useful for brands, which often have no images of themselves in their entire account!
Third-party "Good Guys"
Instagram has attracted a lot of criticism so far, and many victims have found it necessary to turn to third-party "good" hackers to get help.
These individuals will use their own techniques to infiltrate the original hacker and regain control of the account. Some users find it more convenient to follow this path, although the legality is quite questionable (!!) and, of course, there are also scams in this area.
It is probably not the best technique unless you are incredibly desperate, and even then – operate very carefully.
How to contact Instagram support
Instagram is, of course, a massive platform with more than 500 million daily active users, and Instagram's customer service is very difficult to reach.
How to contact Instagram? Business accounts may do better contacting a customer service representative through their Facebook ad manager.
After all, one is owned by the other, and you can set up Instagram ads in your Facebook ad manager account. This may be worth considering if you have been the victim of a hacker.
You can contact Instagram through Facebook's advertising support. Different users will have different contact options available (commonly tiered depending on how much money you spend on advertising).
Unfortunately for individuals, there is no dedicated support mechanism available that is equivalent.
Looking to the future and avoiding being hacked (again)
Some victims have been forced to recreate their presence in social media from scratch and to restart the process of gathering their followers.
Will the measures introduced by Instagram help protect them as far as possible in the future?
Those who have been victims of the false investment scam will surely be more alert in the future, but what method will hackers use next time? Time will tell whether Instagram gets ahead of the problem and becomes more proactive in response to these threats as the platform continues to grow.
If you have regained control of your account (or signed up for a new one), here are our most important tips to stay safe:
Use a secure, hard-to-guess and unique password, and change it regularly.
Do not choose a password that is easy to guess and do not reuse the passwords you use for other sites or services. Reuse is a very easy way for anyone (without any real skill) to take control of your accounts, whether Instagram or otherwise.
It is also worth changing it regularly (for example, every few months, not necessarily every week!).
Enable two-factor authentication
Instagram offers two-factor authentication through two methods, SMS and through an application like Google Authenticator.
If several people are logging into the account, it is convenient that you use the application-based mechanism.
Although SMS-based two-factor login may be a bit more convenient, keep in mind that it is potentially open to SIM swap hacks (more common than you think!), so app-based two-factor login is your safest option.
Revoke access to third-party applications that you do not use
That random ‘free Instagram audit’ tool that you once used but wasn't very good – once you're done with it, it's time to say "thanks, next"!
Be careful with other hacking vectors, in particular with email
Today our email accounts are the keys to our kingdom.
Unless you have two-factor authentication enabled, anyone who has access to your email inbox can reset passwords without doing anything else.
Take special care with the mailboxes you have (even those you rarely check), and be sure to maintain good password hygiene (see point 1) also for these mailboxes.