As attacks on accounts surge, be careful what you click on
Hackers are attracted to accounts that enjoy a high level of engagement, such as those belonging to creatives.
According to the Identity Theft Resource Center, a US non-profit organization that helps victims of stolen identity, compromised Instagram accounts have been on the rise since September last year, with an 80% increase in enquiries in January.
But why are people in the creative world being hacked? Criminals are not just looking for accounts with thousands of followers and the signature blue tick (confirming authenticity) but also those with high engagement, which is often the case with creatives. Hackers have lots of reasons to steal identities, but the main one tends to be obtaining personal data that can be sold on—so an Instagram account connected to lots of people likely to respond to messages and unwittingly share information is ideal.
The Art Newspaper’s very own Louisa Buck suffered at the invisible hands of an Instagram hacker back in October. “I received a late-night DM I thought was from Instagram (with logo and all) that informed me that I now had enough followers to merit a blue tick. It then asked me to click on a link to activate the status. (Stupidly) I did so and one of the first questions it asked was my date of birth…” she says. As it dawned on her that it was a fraudster, the Instagram app shut down and she could no longer access her account. But her hackers were after more than data—almost instantly, she received a WhatsApp message demanding money. Buck blocked the number and opened a new account in the interim.
The Vienna-based Ukrainian artist Siggi Sekira had her Instagram account hacked not long after Russia invaded her home country (she does not think the two are related, though). Six weeks later, her account remains inaccessible. The hackers contacted her followers requesting “urgent help” and, given the war, the messages attracted sympathy and drew ever more people into the hacking chain.
Instagram is notoriously difficult to contact. There are guidelines on Instagram’s online help centre—which include requesting security codes and verifying your identity with a video selfie—but these measures rarely result in a recovered account.
Some say the only guaranteed way to get back in is through a personal contact at Instagram.
In March, the artist Tiffany Cole spoke on an Instagram Live interview for the advocacy campaign Don’t Delete Art about her experiences using the app. She explained how she had managed to find a helpful employee at Instagram. “We began a partnership… and over the past few years we’ve been able to help so many artists get their accounts back,” Cole says. But recently the contact backed out. “It’s devastating,” she says. “It was one of the only ways for artists to be heard.” So, unless you’re part of the Instagram inner circle—be careful what you click on.
How can you tell if your account has been hacked?
Unless the hacker gets in contact to demand payment, your account could be compromised without you even knowing it.
The most obvious sign is if there has been a change to your registered email or phone number. Hackers often will alter this first to avoid you getting any notifications. You can check in your Insta settings if this has been changed.
Also in the settings page, you can see which devices have logged into your account: If it’s a device you are unfamiliar with then that is a clear warning sign.
It’s important to watch out for unusual activity linked to your profile. For example: You get a notification of a suspicious connection, you seem to have sent messages to a lot of people, your account was blocked for spamming or you have subscribed to dozens of accounts without knowing it.
If you’re lucky, a friend or follower might alert you to a weird message they’ve received.
Hackers are more likely to use direct messaging as that is less noticeable. If you see direct messages being sent that were not from you – that’s another red flag.
What should you do if your account is hacked?
If you notice any suspicious activity and you’ve still got access to your account, log in and change your password immediately, choosing a strong password made up of upper and lower cases letters and special characters.
If you can’t log in, check whether you’ve received an email from [email protected] (beware of similar but fake addresses) saying your email address was changed and choose the ‘Revert this change’ option.
If you still can’t log in, go to the Hacked Accounts page (via help.instagram.com) and follow the instructions to try and recover your account.
In the case of financial scams, Gaffney advises: „Always report hacking to Instagram and never pay the fine. Instagram can help verify your identity and check for account misuse.“