Phishing is the most popular way to hack Instagram accounts because, according to the hackers themselves, it’s the easiest! Instagram phishers simply create a fake login page that looks just like the one on the “real” Instagram. Hackers create this spoofed login page through fake apps promising to help manage Instagram users’ accounts, and use free hosting and paid accounts to place it on public servers. Some will even email out a link to the fake Instagram login page and ask for your updated information. When you log in with your username and password, BAM, they have your credentials!
Phished Instagram accounts can lead the hackers to victims’ other online accounts, especially if these accounts share usernames and passwords. All of this stolen, confidential information can then be monetized and sold on the Dark Web.
And what’s worse, victims won’t even know they’ve been hit, because the spoofed page will redirect the victim back to the “real” Instagram like nothing ever happened. Crazy, right?
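The spoofed login page described above lives on a host that is not Instagram's, so the hostname of a link is the thing to check before typing a password. The Python below is an added example, not part of the original article; the function names, the fold table and the `.example` test domains are constructed, and treating `instagram.com` as the only genuine domain is an assumption.

```python
from urllib.parse import urlsplit

BRAND = "instagram"
OFFICIAL = "instagram.com"  # assumption: the only registrable domain treated as genuine
# Constructed fold table: characters often swapped in for Latin letters; hyphens dropped.
FOLD = str.maketrans({"0": "o", "1": "i", "l": "i",
                      "\u0430": "a", "\u0456": "i", "\u0455": "s", "-": None})

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold(label):
    """Decode a punycode (xn--) label, then map look-alike characters to Latin."""
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # undecodable label: compare it as written
    return label.translate(FOLD)

def classify_login_link(url):
    """Return 'genuine', 'lookalike', 'unrelated' or 'invalid' for a login link."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        user = parts.username or ""
    except ValueError:
        return "invalid"
    if parts.scheme != "https" or not host:
        return "invalid"  # not a link to type a password into
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "genuine"
    # Brand text in the userinfo part or in any host label is bait, not the real host.
    for piece in host.split(".") + user.lower().split("."):
        folded = fold(piece)
        if BRAND in folded or edit_distance(folded, BRAND) <= 1:
            return "lookalike"
    return "unrelated"
```

The check only compares whole host labels, so it is a first filter for mail or chat links rather than proof that a page is safe.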
How Can Instagram Phishers Control Your Account?
There are two common methods a hacker could use to control your account: Ninja Mode or Owning Mode.
In Ninja Mode, a hacker doesn’t change the password or steal the account. They lurk around undetected and track users’ daily activities. The hacker then poses as the user and asks their followers for personal information. Because of Instagram’s features to “un-send messages” and delete conversations, hackers can use this technique without being noticed.
Owning Mode, on the other hand, is where a hacker totally “owns” the IG account: altering details and deleting information to make it more difficult for the real owner to recover their account. Effectively, the account will belong to the hacker. If the account has many followers, hackers might sell them. Otherwise, a hacker will hack the victim’s friends’ accounts using the account that was just hacked. Hackers say that it is easy to imitate a person once they have taken over their account, so they will reach out to their followers to steal more information!
How to Recover Your Hacked Account
“White Hats,” former malicious hackers “gone good,” have given us a few points to keep in mind during the recovery process, stating that it can take weeks to recover an account, because the hackers will immediately change the email, username and everything on the account to take full control. Here are steps to get back on the ‘gram:
- If you fall victim to Instagram phishing, there is a chance your username or email address associated with the account has been changed. If this is the case, in your Instagram app there is an option to “get help signing in” below log in. Instagram has provided additional steps for regaining access to your account here: https://help.instagram.com/368191326593075
- Report these hacks or scams to Instagram.
How to Prevent Instagram Phishing
- Before giving authorization to any kind of app, first read the permissions. Sometimes hackers gain all your personal information and passwords through the app.
- Always keep 2-step verification turned on. It will prevent the hackers from accessing your account even if they know the password.
- Never authorize any suspicious apps and never use bots such as auto-follow services that promise to increase follower count or add comments to posts!
- Only download apps from trusted developers, ideally ones listed under Editor’s Choice or marked Top Developer. Additionally, don’t put too much weight on an app having scores of positive reviews, as these could be fake.
For more information on social media phishing, check out our Social Media Phishing Infographic, Social Media Phishing PowerPoint, and Phishing Awareness Training Course.
The original version of this article was first published on Inspired eLearning.
- Instagram Phishing: How to Prevent It and What to Do If It Happens to You - December 10, 2018