As social media usage has skyrocketed during the pandemic – and Instagram in particular – hackers have taken notice.
Instagram, the land of cute pet photos and foodie chronicles, is increasingly becoming the target of cybercriminals. It’s not just the rich and famous or influencers who are being targeted. Ordinary people are reporting in growing numbers their Instagram accounts have been hijacked. And when they are hijacked, they’re extremely difficult for the user to get back.
There are several reasons why hackers want your Instagram account. It has serious value on the internet black market known as the dark web. Consider, a hacked Instagram account sells for $50 or more on the dark web, whereas a stolen social security number sells for $2.
“Instagram is the king of social media,” says Josh Constine, former editor of TechCrunch and now a consultant and investor based in San Francisco. “So it’s a crown jewel for hackers to steal.”
The reason it has such value is because it is an authentic account that seems legitimate. Hackers in the past have resorted to using fake social media accounts to spread propaganda and misinformation. As Meta, owner of Facebook and Instagram, began getting wise to these scam accounts and deleting them, cybercriminals changed their tactics.
Meta also deletes billions of fake accounts annually across its services. That’s partially why there’s been increased interest from hackers in stealing existing, highly used accounts instead of starting new ones.
Individual accounts aren’t the only targets. Corporate Instagram accounts are also getting hijacked. In some cases, cybercriminals may seek a ransom to give the account back to the original owner. Ransoms ranging from $40,000 to $80,000 have been reported.
But in most cases, the cyberthieves take over the account, quickly change the username, associated email address and password, and pose as the original owner – possibly even using their photos posted on Instagram – to establish credibility and then solicit cash under false pretense, sell bogus goods or forward other scams designed to steal money from others, often via the original user’s followers and friends. Cybercriminals will change the cell phone number associated with the account and enable dual authentication sign in procedures to make it even more difficult for the original owner to get their account back.
Getting through to Instagram can be a real challenge. When and if that is accomplished, recovering your account takes multiple steps, which might require establishing a secret email account and emailing a photo of yourself to Instagram with a secret code on it.
Instagram says its recovery process is intentionally difficult so hackers don’t use it to claim accounts.
So how can social media users avoid this situation in the first place? Use two-factor authentication for your email and Instagram account. Also, tell your cellphone carrier to never port your number to a different device. That’s a common way to hijack social media accounts.
Users should also beware of phishing scams where hackers send users a message pretending to be Instagram and asking them for their login information. It always pays to be on the alert!
