How to protect your Instagram account from being hacked
On Christmas Eve, Russian hackers launched a spree of hacking Instagram accounts with substantial following in an attempt to blackmail them for money or lose their Instagram accounts and years of hard work forever! How do I know this? I too was targeted by these hackers and saw many of my friends’ accounts disappear overnight. I was lucky to have kept my account because I had it protected so I wanted to let you all know how to protect your account from hackers and what to do if it does happen to you.
I have seen the entire Instagram community pull together to help those affected and share their resources so I will share what I learned and from whom in this blog and also share the steps that I had already been using to luckily prevent this from happening to me.
How I almost got hacked
On Christmas Eve I received an email titled “Offer of collaboration with @ Realisationpar”
It was Christmas Eve, not only was I in full on holiday mode, I was busy and distracted trying to pack up the car with presents and pack for the few days that I would be staying in my Dad’s house for Christmas. Instinctively the first thing I did was to check the Instagram page of Realisationpar. It looked like a legitimate Instagram account. It had a following of 439k and many, many fashion posts. It did dawn on me that I was not your typical fashion girl or model!! So I did wonder why this company approached me. However, I do get many collaboration requests daily, most of which I turn down because I don’t “feel” the product, it is not the right fit for me or something that I want to promote to my following. I honestly only choose to work with and promote brands that I honestly use or buy myself and 100% love. I do however give each email attention. If someone took the time to reach out to me I always take the time to check out their offer and reply even if it is not for me. Judging by the size of those teeny tiny clothes I expected that this would be one of those cases so I politely replied and thanked them for getting in touch and sent them an email with my rates and media kit attached.
There were a few things that I should have picked up on but didn’t initially. Notice the space between @ and Realisationpar. The typos which are clearly obvious, “in the Instagram”. The lack of branding photographs or any branding signature at the bottom of the email.
What I did wrong:
- I didn’t click on the email sender to expand the email address. In this case it was email@example.com which didn’t match the sender name and should have alerted me that there was something fishy
- I didn’t pay attention to the fact that there were no branding photographs or signature at the bottom
- I didn’t pay attention to the unprofessional typos which do not in themselves indicate a hacker, come on we all make typos, but it should alert you enough to be aware.
The hackers took advantage of the fact that it was Christmas, that people would be distracted and that guards were down.
What I did right:
- I immediately checked the Instagram page of the clothing company. However the hackers had picked a legitimate site so this didn’t ring any alarm bells.
- Most importantly I DID NOT CLICK THE LINK.
I immediately received a reply email. This time I was in my Dad’s house. There was a lot of activity and I was super distracted. The next email should have alerted me more. There were more typos, some Russian writing and an insistence that I click the link to see the item they wanted me to promote.
And guess what guys I clicked the link! I stupidly clicked the link!! The link appeared broken. It didn’t take me straight to the Instagram page I was expecting, I was already logged on Instagram on my phone so it should have taken me straight there. Instead it brought me to the Instagram log on page to enter my password. I went back and clicked the link again!! (I did say I was super distracted.) Again it brought me to an Instagram log in page and I did what you should not do, I entered my Instagram log in details. Immediately it kicked me out of my gmail account and logged me out. All of the alarm bells were now going off in my head. The ones that should have been going off 5 minutes before when I was in full on Christmas mode. I panicked. I grabbed my husband’s phone. He has my Instagram logged on his phone too and I immediately changed all of my passwords. This happened in seconds. I also had two factor authentication turned on so this may have bought me the extra seconds I needed. I waited and waited expecting my account to be deleted but nothing. By the luck of the Irish I had narrowly missed out on having my account taken over by Russian hackers with blackmail requests for large sums of money to even get a sniff of getting it back.
And then I painfully watched accounts belonging to many of my Instagram friends disappear, accounts like @thehopefulhitchhiker_ and @flipflopwanderers_. On Christmas frickin Eve! Everyone was in a panic. Those who had not been affected were trying to reach out and share the new accounts of those that had lost years of work not to mention their livelihood in some cases. One account that went above and beyond to help those affected was @agirlwhoblooms.
The story of @flipflopwanderers_ really struck a chord. They had built their following to 52k and had just celebrated reaching 50k followers a few days before. They were on a high, it was Christmas Eve and whilst they were cautious like me, their guard was most definitely down. They were understandably devastated as I would have been and following their emotional stories on the new Instagram account that they had made was just heartbreaking. Some people might be unsympathetic. So what? It looks like you have it all anyway, jetsetting around the world, getting free products or trips from tourist boards and free accommodation in fancy hotels. I can understand that, but that is how things look superficially. In reality there is a lot of hard work that goes into keeping and maintaining a successful Instagram account. Hours creating content, editing photos, searching for new and interesting places to bring to the attention of your followers, responding to messages and engaging with your followers. Whilst I personally find all of this enjoyable there is no denying the amount of time and creative investment you have to sacrifice to Instagram. That is why the rewards make you feel valued and why it would be just heartbreaking to lose it all. Anyway, rant over, either you understand the work that goes into creating an Instagram account or you simply don’t and think along the lines of “it’s just influencers trying to get stuff for free”. Trust me! Nothing in this life comes for free.
So @flipflopwanderers_ got sucked in the same way I did. They received a very similar email to mine except from a clothing company @ Shopdressup (again notice the space after @). They did the same as me. Checked Instagram first, it was a legitimate clothing company so they clicked the link. Again the link brought them to an Instagram log in page but they didn’t think anything of it and put in their Instagram log in details thinking that it was a legitimate collaboration request like they too get every day. Shortly after this they got an email informing them that their Instagram had been blocked and to unlock it they had to send $215 in bitcoin to the hackers or risk having their account deleted forever. They thought it was a joke and in the next three hours went through every emotion possible as they tried to rescue their account. In the end they decided they couldn’t risk it and paid the hackers. This is an ordeal in itself because how many of us casually have bitcoin accounts? The hackers still did not give their account back despite saying they would 5 minutes after payment had been received.
Does Instagram help?
Short answer. No. You can email and email to your heart’s content but if you get any response at all it will more than likely be an automated email. We all know that this is one situation where you need to be taken seriously and need that human connection so you can explain your situation in the hopes that the Instagram powers that be can help you. If you are lucky enough to get some sort of response (after like 2,000 emails on your part) more than likely any recovery email links they send you will be to the email address the hackers changed it to. Like Duh!
Come on Instagram! You need to be doing more to secure our accounts, especially when people’s livelihoods depend on this. And if you can’t sufficiently secure our accounts you need to have a satisfactory customer support system that users can reach out to in these serious situations. Even turning on two factor authentication, as Instagram suggests, doesn’t completely secure your account because the hackers can intercept your text message to get your “secure” code. It is worth turning it on though to give you those few extra seconds if you realise that you have been hacked immediately.
How to protect your Instagram account from being hacked.
So how do you protect your Instagram account from being hacked? It is so important to secure your account, so don’t put it off. DO IT NOW! Also please pin and share this blog in the hopes that it helps somebody else.
- Pick a password that is harder to hack. Make sure your password contains a mix of letters, capital letters, numbers and symbols. DO NOT use the same passwords on all of your accounts such as Facebook and email. You may even want to use a password manager to keep track of and manage your passwords.
- Download the Google Authenticator App. This App creates random codes for the two factor authentication and is more secure than text message two factor authentication that can be intercepted by hackers. I use this app for other websites such as to secure my Amazon online shop. This is a more robust way of securing your account.
  - Open your Google account security page and click on 2-step verification.
  - Under the Authenticator App section, click “Setup”.
  - Next choose your device type (Android, iPhone) and click next to reveal a QR code.
  - Open your Authenticator App and select “Begin Setup”.
  - Select “Scan a barcode” and scan the QR code that is open on your browser.
  - Click the next button and type in the code you see on your mobile into the text box and click verify.
  - You are now set up.
- Go to your account settings on Instagram and turn on your two factor authentication.
  - Switch on the toggle for third party Authenticator Apps.
- Make sure your email account is secure. Your email is a bit like a gateway to all of your online accounts so your primary concern must be to secure this.
- Any emails you receive must be carefully considered. Always check the email address of the sender. If anything seems odd, as in my case the email address had a very different name to the sender, or there are obvious typos like firstname.lastname@example.org please be extra vigilant.
- Most important of all. NEVER, EVER, EVER, click any link in an email even if it looks legit. Search the account in Google instead or retype the link. Hovering over the link will also show you where it is actually linked to.
- The link should be a URL starting with https:// which means it is a secure link but if you notice the link I was given started like this.
- Be wary of extra words or information at the end of the link and get used to what normal links look like. For example https://www.instagram.com/p/BrgpHiFi is probably a real link whereas https://www.instagram.com/p/BrgpHiFi/by=realisationpar is not. Notice those extra words at the end.
- Here you will find a list of apps that you’ve authorized to access your profile and account information. If you notice anything strange, you can easily revoke third-party app access by clicking the Revoke Access button.
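The sender and link checks from the list above, written as a small Python script. This is an added example, not part of the original post; the sample email, its addresses and the `.example` domains are constructed, and the name-in-domain test is a heuristic chosen for this illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

POST_PATH = re.compile(r"^/p/[A-Za-z0-9_-]+/?$")  # shape of the "real" post link above

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(from_header, html_body):
    """Return warnings for the sender and link checks; an empty list means none fired."""
    warnings = []
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    brand = re.sub(r"[^a-z0-9]", "", name.lower())
    # Heuristic (assumption): a brand's display name normally appears in its sending domain.
    if brand and brand not in re.sub(r"[^a-z0-9]", "", domain):
        warnings.append(f"sender name {name!r} does not match address domain {domain!r}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target, shown = urlsplit(href), urlsplit(text if "://" in text else "")
        real_host, shown_host = target.hostname or "", shown.hostname or ""
        # https only encrypts the connection; the host name decides whose page it is.
        if target.scheme != "https":
            warnings.append(f"link is not https: {href}")
        if shown_host and shown_host != real_host:
            warnings.append(f"text shows {shown_host} but link opens {real_host}")
        for url in (target, shown):
            if url.path.startswith("/p/") and not POST_PATH.match(url.path):
                warnings.append(f"unexpected extra path in {url.geturl()}")
    return warnings

# Constructed sample modelled on the email described in this post (not the real message).
SAMPLE_FROM = '"Realisationpar" <offers@collab-mail.example>'
SAMPLE_BODY = ('<p>See the item: <a href="http://login.insta-verify.example/p/BrgpHiFi">'
               'https://www.instagram.com/p/BrgpHiFi/by=realisationpar</a></p>')
```

Calling `check_email(SAMPLE_FROM, SAMPLE_BODY)` returns four warnings: the sender mismatch, the non-https link, the visible address that differs from the real destination, and the extra words after the post ID.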
What to do if you do get hacked.
If the worst happens and you do get hacked, try not to panic. Change all remaining passwords while you can to protect linked accounts like Pinterest or Facebook. Immediately protect your blog. Even though you might be tempted to try to secure your Instagram name as it will now be free DO NOT set up a new account with your old account name. As @flipflopwanderers found out the hard way it makes the possibility of retrieving your account very difficult. There are mixed reports about whether to pay the hackers or not. I know some have been “lucky” and got their accounts back shortly after paying and others who say the hackers kept asking for more and more money and their account was deleted anyway.
Through word of mouth from people like @agirlwhoblooms and @flipflopwanderers_ one person seems to be coming to the aid of those that have lost their accounts. He works on a donation basis and will require access to your email account which I’m sure will go against every instinct after having just been hacked. But this guy is one of the good guys. His name is @JuanR325 and you can check out a YouTube testimonial to him here by @jessthedragonesss
I have no idea how he does it but he seems to have helped all of those affected restore their accounts. This latest spree of hacking on Christmas Eve should teach us all a very valuable lesson in how vulnerable our Instagram accounts really are and how we must do our best NOW, TODAY to secure our accounts. Hopefully this comprehensive guide in how to protect your Instagram account from being hacked will help you to protect your account. Be sure to spread the word by pinning and sharing so that others don’t get caught out the same way.
Until next time you crazy kids!