InstaSCAM!

Help Doctor Digital, my Instagram business account has been hacked, what do I do?

Doctor Digital Says


Scams are absolutely rife on Instagram, with many accounts falling victim to pretty convincing hacks that end up with accounts being taken over and often disabled with little capacity to get them back. It's very distressing when you have spent time and money building your profile only to have to start all over again.

Parent company Meta is often slow to respond, with all complaints and account issues going through an online interface and no direct representation in Australia. This means that you basically have to wait for a response, which may or may not come anytime soon.

Phishing is the most common scam on Instagram. There is usually some clue in the texts or email that the sender isn't legit, but hackers rely on human nature: they hope to catch you off-guard or in a moment of distraction, so that you do what they ask to avoid losing your account. The request could look something like this: you get an “urgent” direct message demanding immediate action to verify your account before it gets suspended.

Sometimes it’ll say your account has been compromised. Or, they might ask you to verify suspicious activity. The message directs you to a link to fix the situation, which leads to a cloned Instagram login page. You enter your username and password and boom, the hackers take control.

If a cybercriminal hacks your Instagram, your first tipoff might be friends texting you about something out of character, like a bitcoin deal, or a designer bargain that was posted to your account. They may try and blackmail you for money to get your account back. At the first sign you’ve been hacked on Instagram, you need to work fast for a recovery. Try these steps:

  1. Check your email: Use the email account you used when you set up your Instagram. Look for a message from security@mail.instagram.com alerting you that someone logged into the account and changed your email address. Select “Revert This Change” in the message; if that resets the account back to your original login, change your password immediately. Check the email closely, of course, to make sure it is legit.
  2. Request a login link: If that doesn’t work, ask Instagram to email or text you a login link. If you have an Android phone, tap “get help logging in.” On an iPhone, tap “Forgot password?” Enter the username, email address and phone number associated with your account. Select your email address or phone number and tap “Send login link.” Once you get the link, click on it and follow the instructions. If you’re not sure of the email address and/or phone number you used for the account, tap “Need more help” and follow the directions.
  3. Ask for a security code: If the login link doesn’t do the trick, the next step is to request a security code. Enter the username, email address or phone number associated with your account, then tap on “Need more help?” Select your email address or phone number, then tap “Send security code” and follow the instructions.
  4. Verify your identity: For further help, or if a hacker deleted your account entirely, you’ll need to provide some additional info. If your hacked account contains photos of you, you’ll be asked to take a video selfie to confirm you are who you say you are and that you’re a real person. The review process generally takes up to two business days. If you pass the review, you’ll receive a link to reset your password.
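
The "make sure it is legit" check from step 1 can be partly automated. The sketch below is an added example, not part of the original article or any Instagram tooling: it flags a raw email whose sender is not exactly security@mail.instagram.com, that lacks a DMARC pass, or whose links leave instagram.com (assumed here to be the official domain). Both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED_SENDER = "security@mail.instagram.com"  # address named in step 1
OFFICIAL_DOMAIN = "instagram.com"                # assumption: official site domain

def host_is_official(url):
    """True only if the URL's real host is instagram.com or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def check_email(raw):
    """Return a list of warnings for a raw email; an empty list means no red flags."""
    msg = message_from_string(raw)
    warnings = []
    _, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != EXPECTED_SENDER:
        warnings.append(f"sender is {addr!r}, not {EXPECTED_SENDER}")
    # The From line is easy to forge, so also require a DMARC pass. Only trust
    # an Authentication-Results header written by your own mail provider.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=pass" not in auth:
        warnings.append("no DMARC pass recorded by the receiving mail server")
    # Plain-text parts only; encoded bodies would need decoding first.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        if not host_is_official(url):
            warnings.append(f"link leaves {OFFICIAL_DOMAIN}: {url}")
    return warnings

# Constructed sample messages (hosts, paths and header values are made up).
GENUINE = (
    "From: Instagram <security@mail.instagram.com>\n"
    "Authentication-Results: mx.example.net; dmarc=pass header.from=mail.instagram.com\n"
    "Subject: Your email address was changed\n\n"
    "Revert this change: https://www.instagram.com/constructed-path/\n"
)
PHISH = (
    "From: Instagram Support <security@mail.instagram.com.verify-help.example>\n"
    "Subject: Urgent: verify your account\n\n"
    "Verify now: https://instagram.com.verify-help.example/login\n"
    "Or here: https://instagram.com@verify-help.example/login\n"
)

if __name__ == "__main__":
    print(check_email(GENUINE), check_email(PHISH), sep="\n")
```

An empty result only means none of these three red flags were found; it does not prove the message is genuine.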

Our busy lives and multitasking skills are great for getting all the things done, but can also make us vulnerable to these types of scams, which wouldn't catch us out if we were a little more curious, or suspicious. Here are some handy hints to help you stay ahead of the hackers:

If a message asks you to “give” something, watch out. Fraud usually mentions bank accounts, selling something, or asking for other personal info. This might include logging into an account or being asked to make a payment for something. If you’ve received any direct messages or emails you find suspicious, proceed with caution.

Enabling two-factor authentication (2FA) gives you a secondary checkpoint for account logins after your password has been used. This checkpoint requires the person logging in to verify by using another account or device that you own.

Never use a login link sent through a message. Always use an official URL and log in directly to your accounts.

If it sounds too good to be true, it probably is. Giveaways, jobs, and other scams get you excited to cloud your judgment. It’s safer to assume that these are rarely ever authentic.

Always search for official accounts before responding to messages. You may be able to spot authentic brands and people by searching for verified accounts (ones with the blue check next to the username). Big brands will have links to all official social media from their official website.

If someone you know sends a strange message, contact them directly. Reach the person offline with a phone call or talk to them in person.

Instagram can be a boon to your business and brand, but it is inherently risky if that is your only channel of connection. Why not book a session with one of our friendly Digital Coaches to help you look at all your options and boost your cyber security to boot? All Tasmanian businesses with an ABN are eligible for 4 hours of free coaching every calendar year. Click here to book.
