It’s a Saturday morning and you’re just waking up. You pick up your phone to find 40 missed calls and dozens of WhatsApp messages. Who died o? On reading the messages, you find out that people are upset because the investment scheme you recommended to them on Instagram has gone sour. Who would pass up a chance to get 400% returns in one hour? There’s a 100% chance that you’ve been hacked.

Does this story sound familiar? Has it happened to you or someone you know? In some cases, these things quickly degenerate into police cases where you’re accused of fraud.

How did we get here?

Let’s start at the top. I’m going to use Instagram as a prime example because they record the most cases. Other platforms fall victim as well, and the conversation we are about to have will save you a ton of headache in the long run.

How do these hackers get in?

Phishing

More than 90% of the hacked account cases I have encountered are the result of phishing scams. A phishing scam is where someone uses a fake website to get your login details. Depending on the sophistication of the hackers, these web pages look so much like the original that it is easy to believe they are authentic.

A typical phishing scam – the URL gives it away

Weak passwords

Your girlfriend’s name is not a secure password. Neither is your mother’s maiden name or your pet’s name. Sophisticated hackers have cracking software they use to attempt different passwords. If you’re active on social media, there’s also the possibility that you’ve shared this information by participating in one of many innocent-looking social engineering schemes.

It’s surprising how many people use weak passwords

Insecure Emails

A lot of people open social media accounts using emails that they barely use or have access to. In the past, some of these email providers have been hacked and credentials made publicly available on the dark web. As a rule of thumb, have a list of all your email addresses and be sure to access them at least once a month.

These hackers use a variety of formats to get your attention. I’ve seen the following formats:

  • I’m trying to win a competition, please vote for me
  • Someone tried to log in to your account, if this wasn’t you, click here
  • Copyright Infringement notice
  • Click here to verify your account
  • Someone posted a picture of you here, click here to view

The formats are limitless and very convincing. With the right principles, however, you should be able to know what to look out for.

Solutions

Instagram itself has provided some solutions within the application to help prevent some of this, but most people take them for granted.

Two-Factor Authentication

This is a second level of authentication that requires a code to be used in addition to your standard login credentials. You can use your phone number for this, where you will get a text message, or you can use an authentication app to generate codes. Two-factor authentication is also available for other apps like email.

If you live in Nigeria or you travel a lot, I would personally recommend using an authentication app. This way it’s not tied to your phone number when you leave the country and you’re not at the mercy of any network issues. I would personally recommend Authy as it also allows you to use multiple devices.

Emails From Instagram

If you check under Settings>Security, you will see a menu item for emails from Instagram. Here you will see all security and login emails that Instagram has sent you. If you receive any security-related or login emails that are not in that tab, please ignore them.

Personal Tips

  • If it sounds too good to be true, then it probably is.
  • Call the person who sent you the message to confirm if they actually sent it.
  • As much as possible, have an email attached to your Instagram and make sure it is secure and regularly monitored.
  • Do not make the email address or phone number attached to your Instagram account public on your profile. Your business email and phone number should be different from the ones used to open your account.
  • Always check the URL before entering your username and password. Click in the address window of your browser to view the address.
  • Do not send authentication codes to anyone you do not personally know or trust.
  • Verification requests are available from within the app, and you can do it yourself (I will write a new post on how to do this soon).

Always check the URL
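What "check the URL" means in practice, as an added example that is not part of the original post: the part that matters is the host the browser will actually connect to, not whether "instagram.com" appears somewhere in the address. The allowed domain list and the sample links are assumptions made up for this illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain a real Instagram login uses.
OFFICIAL_DOMAINS = ("instagram.com",)

def login_host(url):
    """Return the host the browser would really connect to, lower-cased."""
    # .hostname drops any "name@" prefix and the port, two common disguises
    return (urlsplit(url.strip()).hostname or "").rstrip(".")

def check_login_url(url):
    """Return (ok, reason) for a link that asks for your password."""
    host = login_host(url)
    if urlsplit(url.strip()).scheme != "https":
        return False, "not an https link"
    if not host.isascii() or "xn--" in host:
        return False, "look-alike characters in host " + ascii(host)
    for domain in OFFICIAL_DOMAINS:
        # exact match or a true subdomain; "instagram.com" merely appearing
        # somewhere in the address does not count
        if host == domain or host.endswith("." + domain):
            return True, "official host " + host
    return False, "real host is " + host

# Constructed sample links; the .example names are placeholders, not real sites.
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com.verify-badge.example/login",
    "https://instagram.com@account-help.example/login",
    "https://help-center.example/instagram.com/login",
    "http://www.instagram.com/accounts/login/",
    "https://www.\u0131nstagram.com/accounts/login/",  # dotless i, not "i"
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_login_url(link)
        print("OK  " if ok else "STOP", ascii(link), "->", reason)
```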

What to do if you’ve been hacked

There are two key steps.

The first is email. This is why I stress that you should have an email attached to your account and you should access it regularly. When your password is changed, you get an email notification. You can reverse it in one click by using the link provided in the email. If you’re using a browser, please make sure that you’re not logged in to any other Instagram account, as the link will not work otherwise.

The second one is provided by Instagram and it’s your phone. Instagram has some hidden features that mean that you can easily retrieve your account from the mobile device that you use most frequently. Choose “forgot password” and “trouble signing in”. The app may ask you a bunch of questions. This process will get you back in if you’ve been using that phone with Instagram for a few months.

These solutions are not foolproof and sometimes you may actually need to contact Instagram, which can take a while. Please be patient and provide them with the information or images they need to verify your identity.

Another security suggestion I have is to have your Instagram logged in on another mobile device. That way, you will be asked to authorize before anyone can access your account. It also helps you prevent issues that come up when you change one of your devices or some other problem.

Footnotes

A disabled account for violating community guidelines, copyright infringement or spammy behavior is not the same thing as a hack. Be sure to read those rules and avoid the stress.

All the best with your digital experience.

The force be with you!!!