It seems, lately, that Instagram has been under attack with accounts getting hacked, impersonators springing up all over, and scams galore.
Don’t get me wrong, these issues are prevalent on pretty much all mainstream social platforms. Nonetheless, it’s estimated 30,000 Instagram accounts get hacked daily. Yikes 😱
The good news is, there are measures you can put in place to help mitigate your exposure.
Granted, there’s no perfect defense or 100%-effective safeguard -- however, the tactics herein are certainly smart ideas.
Third-Party Logins: Lots of sites/apps allow you to link your Instagram account: e.g. social publishing tools or reporting platforms. The risk is—in the event one of those platforms’ user-data becomes comprised—so does your IG login. To check and see which apps/sites are “connected,” tap the menu button (☰), hit Settings, press Security, and then tap Apps and websites. The fewer, the better.
Two-Factor Authentication: On Instagram (or anywhere you’re logged in) it’s vital to have two-factor authentication enabled whereby you're sent a one-time code to authenticate any attempted login. Instagram, for instance, allows you to authenticate via text-message, WhatsApp, or by means of a third-party authenticator app. The third-party app is generally the most secure option.
Email/DM Malicious URLs: Cybercriminals notoriously make use of malicious URLs to loot your login info. That means they’ll DM or email you a link that doesn’t do what you think it does. This is an especially common tactic used by impersonators or hackers peddling exclusive perks—like Blue-Checks offers, for instance. Scroll through the next few cards to review common deceptions.
Phony “Copyright” Infringement Scams: Watch out for phony “copyright infringement” messages. Instagram won’t DM you—they’ll either display an in-app notification or email you. However, hackers could also email you, imitating an official-looking correspondence. If you get an email you’re not sure is safe, you can check in the Insta app. Tap the menu button (☰), then Settings, hit Security, and finally, select “Emails from Instagram.”
Fake “Suspicious Activity” Alerts: Fake suspicious/unusual activity warnings are go-to hacker tactics. Slow down and think before you click the link! Remember, you can double-check any Instagram email in the app to certify its authenticity. What’s more, Insta only emails from its @mail.instagram.com address. And don’t forget… Instagram won’t DM you these sort of notices.
“Lookalike” Impersonator DMs: Hackers create bogus accounts with (almost-matching) usernames, scrape an creators’ content (e.g. posts, profile name, bio, etc.) to make you think it’s them, buy followers to appear credible, block the actual creator to tie their hands, so to speak, and then message that creator's followers as if it's really them—only, it’ll eventually turn into a crypto pitch. If you ever get a DM like this, double-check that you actually follow the account. When you open the message, beneath their (stolen) profile pic, it’ll specify if you follow them. That said, perhaps you followed them unknowingly. If that's the case, be sure to look closely at the username to see whether or not it’s genuine. And if they try to sell you crypto—well, that’s a pretty good clue too.
4. Data-Leaked Passwords: Passwords are a pain to manage. Nonetheless, be wary of using the same password across the web. If there’s a data leak, for instance, your password could be getting "passed around" the dark web. Hackers may retrieve portions of your IG login credentials and obtain leaked PW datasets to try and break into your account. Also make sure your two-factor authentication is turned on!