Whether you are a prolific selfie poster, get a kick from hilarious meme accounts, or just like to see what your friends are up to, Instagram can be a whole lot of fun – until your account gets hacked, that is.
Even if you don’t have millions (or even thousands) of followers, you could still be targeted by cyber criminals – and sometimes it is not obvious if someone else has gained access to your profile.
We asked digital security experts to explain the red flags to watch out for, and what to do if your Instagram account is hacked.
Why do hackers target Instagram accounts?
“Instagram scams are rampant right now, a result of its growing popularity and influence,” says Tom Gaffney, principal security expert at F-Secure, who believes that fake brand accounts, usually pushing counterfeit goods, may be responsible.
“The power of Instagram is in how many followers you have – the more followers these brands can build, the more they can push other nefarious activity.”
Stuart Dobbie, SVP of innovation at Callsign, warns that fraudsters target social media accounts in an attempt to steal confidential information: “Regardless of whether you have a lot of followers, your Instagram profile will have your phone number, email address and other pieces of information private to you. If a fraudster hacks into this, they can access all of it – and they can then use this information elsewhere.”
In some cases – usually accounts with many followers – the hackers will contact the owner and threaten to delete the account if a ransom (usually Bitcoin) isn’t paid.
Gaffney adds: “Hackers don’t tend to differentiate on the target as their attacks are automated and at scale. This means they will affect users even with very few followers.”
How can you tell if your account has been hacked?
Unless the hacker gets in contact to demand payment, your account could be compromised without you even knowing it.
“The most obvious sign is if there has been a change to your registered email or phone number,” says Gaffney. “Hackers often will alter this first to avoid you getting any notifications. You can check in your Insta settings if this has been changed.”
Also in the settings page, you can see which devices have logged into your account: “If it’s a device you are unfamiliar with then that is a clear warning sign.”
David Sygula, senior analyst at CybelAngel, says to watch out for unusual activity linked to your profile. For example: “You get a notification of a suspicious connection, you seem to have sent messages to a lot of people, your account was blocked for spamming or you have subscribed to dozens of accounts without knowing it.”
If you’re lucky, a friend or follower might alert you to a weird message they’ve received.
“Hackers are more likely to use direct messaging as that is less noticeable,” Gaffney explains. “If you see direct messages being sent that were not from you – that’s another red flag.”
What should you do if your account is hacked?
If you notice any suspicious activity, and you’ve still got access to your account, log in and change your password immediately, choosing a strong password made up of upper- and lower-case letters and special characters.
If you can’t log in, check whether you’ve received an email from security@mail.instagram.com (beware of similar but fake addresses) saying your email address was changed and choose the ‘Revert this change’ option.
If you still can’t log in, go to the Hacked Accounts page (via help.instagram.com) and follow the instructions to try and recover your account.
In the case of financial scams, Gaffney advises: “Always report hacking to Instagram and never pay the fine. Instagram can help verify your identity and check for account misuse.”
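The sender check described above (an email from security@mail.instagram.com, with similar but fake addresses to beware of) can be written as code. This is an added example, not part of the original article or anything published by Instagram: it compares the real address rather than the display name, and because a From line can be forged it also requires a DMARC pass recorded by your own mail provider. The server name `mx.example.net`, the helper `make_mail` and all sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

EXPECTED = "security@mail.instagram.com"  # the address the article names

def check_sender(raw_message, authserv_id):
    """Classify a message claiming to be an Instagram security notice.
    authserv_id: the name your own mail provider puts first in the
    Authentication-Results header it adds (assumed known to the caller).
    """
    msg = message_from_string(raw_message)
    senders = getaddresses(msg.get_all("From", []))
    if len(senders) != 1:
        return "reject: missing or multiple From addresses"
    display, addr = senders[0]
    if addr.lower() != EXPECTED:
        if EXPECTED in display.lower():
            return "reject: real address appears only as display name"
        return "reject: sender address is not " + EXPECTED
    # From is forgeable, so also require a DMARC pass recorded by our own server.
    for header in msg.get_all("Authentication-Results", []):
        server, _, results = header.lower().partition(";")
        if server.split()[:1] != [authserv_id.lower()]:
            continue  # written by some other party, possibly the sender
        if any(r.strip().startswith("dmarc=pass") for r in results.split(";")):
            return "ok"
    return "reject: exact address but no trusted DMARC pass"

# Constructed sample messages (not real Instagram mail); all hosts are hypothetical.
def make_mail(from_value, auth_results):
    return f"From: {from_value}\nAuthentication-Results: {auth_results}\n\nbody\n"

SAMPLES = {
    "genuine": make_mail("Instagram <security@mail.instagram.com>",
                         "mx.example.net; dmarc=pass header.from=mail.instagram.com"),
    "lookalike": make_mail("Instagram <security@mail.instagram.com.login-help.example>",
                           "mx.example.net; dmarc=pass header.from=login-help.example"),
    "display_name": make_mail('"security@mail.instagram.com" <notice@login-help.example>',
                              "mx.example.net; dmarc=pass header.from=login-help.example"),
    "forged_from": make_mail("Instagram <security@mail.instagram.com>",
                             "mx.example.net; dmarc=fail header.from=mail.instagram.com"),
    "injected_header": make_mail("Instagram <security@mail.instagram.com>",
                                 "mx.attacker.example; dmarc=pass header.from=mail.instagram.com"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:16} {check_sender(raw, 'mx.example.net')}")
```

Most mail apps show the full headers through a “show original” or “view source” option, which is where the Authentication-Results line appears.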