Phished Instagram accounts can lead the hackers to victims’ other online accounts, especially if these accounts share usernames and passwords. All of this stolen, confidential information can then be monetized and sold on the Dark Web.
And what’s worse, victims won’t even know they’ve been hit, because the spoofed page will redirect the victim back to the “real” Instagram like nothing ever happened. Crazy right?
How Can Instagram Phishers Control Your Account?
There are two common methods a hacker could use to control your account: Ninja Mode or Owning Mode.
In Ninja Mode, a hacker doesn’t change the password or steal the account. They lurk around undetected and track users’ daily activities. The hacker then poses as the user and asks their followers for personal information. Because of Instagram’s features to “un-send messages” and delete conversations, hackers can use this technique without being noticed.
Owning Mode, on the other hand, is where a hacker totally “owns” the IG account: altering details and deleting information to make it more difficult for the real owner to recover their account. Effectively, the account will belong to the hacker. If the account has many followers, hackers might sell them. Otherwise, a hacker will hack the victim’s friends’ accounts using the account that was just hacked. Hackers say that it is easy to imitate a person once they have taken over their account, so they will reach out to their followers to steal more information!
How to Recover Your Hacked Account
“White Hats,” former malicious hackers “gone good,” have given us a few points to keep in mind during the recovery process, stating that it can take weeks to recover an account, because the hackers will immediately change the email, username and everything on the account to take full control. Here are steps to get back on the ‘gram:
- If you fall victim to Instagram phishing, there is a chance your username or email address associated with the account has been changed. If this is the case, in your Instagram app there is an option to “get help signing in” below log in. Instagram has provided additional steps for regaining access to your account here: https://help.instagram.com/368191326593075
- Report these hacks or scams to Instagram.
How to Prevent Instagram Phishing
The first premise of how to prevent Instagram phishing, or phishing attacks of any kind for that matter, is to be smart about how you treat your social media accounts. This relates to all platforms and apps that you connect to and that you give personal information and access to your data. Here are some basics to keep in mind?
- Before giving authorization to any kind of app, first read the permissions. Sometimes the permissions are broad and apps can have poor security. As a result, it might be possible for hackers gain all your personal information and passwords through the app.
- Keep the 2-step verification always turned on. It will prevent the hackers from accessing your account even if they know the password.
- Never authorize any suspicious apps and never use bots such as auto-follow services that promise to increase follower account or add comments to posts!
- Whether you’re interested in Instagram-specific apps or any apps of any kind, make sure you only download apps from trusted developers, ideally ones listed under Editor’s Choice or marked Top Developer. Additionally, don’t pay too close attention to an app with scores of positive reviews as these could be fake.
For more information on social media phishing, you can check out Inspired eLearning’s Social Media Phishing Infographic and my team has also created a Social Media Phishing PowerPoint that provides tons of helpful tips and information. My team are bonafide security and training experts. Employees are the veritable front line of defense for companies of all sizes, and they are especially susceptible to phishing scams. The training that we provide can help keep your company, and your data, safe. If you’d like more information on Phishing Awareness Training, check us out, and know we would love to partner with your team and provide the training and resources you need to stay informed and safe.
The original version of this article was first published on the inspired eLearning blog.
Patricia Evans is a marketing product manager for the team at Inspired eLearning. By virtue of her role, she’s immersed in all things related to security, security risk, employee training, and the like on a daily basis. You can (and should!) find and connect with Patricia on LinkedIn and you can find her over at the Inspired eLearning blog as well from time to time.