We are currently in the midst of an Instagram hacking epidemic.
Over the course of the last 12 months, you’ve probably been DM’d once or twice ‘Can you help me?’ from Instagram accounts you follow. Unfortunately, this has become one of the many taglines of hackers who have, unfortunately, taken over business or personal Instagram accounts. The first thing I want to address is to never reply to this kind of message as you might be the next victim of a social media hacking. Secondly, whether your account is for personal or business usage, you could be a target.
While there are a variety of recovery tools available, it’s important that you get your security in check now, to ensure that your account is hack-proof.
Two Factor Authentication
Turning on two-factor authentication for your business accounts adds an extra layer of security that is almost impossible to bypass. As the name suggests, to access your account, you will need your password along with another form of identification for access to be given.
The second form of verification most commonly comes in the form of a security code. When it comes to Instagram, if an unrecognised device tries to login into your account, the user will be prompted to enter a code linked to the account.
To bypass two-factor authentication, a hacker will need to be close to you and have access to your phone, email or app to obtain this.
<!– wp:acf/pm-alert {"name":"acf/pm-alert","data":{"title":"How to set it up","_title":"field_63dc5c208a0a7","content":"Click here for instructions on how to add two-factor authentication.
“,”_content”:”field_63e3067fb31ae”},”mode”:”preview”} /–>Screenshot your back-up codes
In the security section of your Instagram account, you are provided with an 8-digit backup code that you screenshot and never share with anyone. You’ll only need to use this code in the event that you don’t have access to your two-factor authentication method. This can happen when you lose your phone, or you need to log in from another device.
Protecting your back-up codes is incredibly important — if a hacker gets their hands on these then they will have unrestricted access to your account. If you are going to note your codes down or screenshot them, save them on another device of a trusted friend or family member to ensure that you know they are safe and easily accessible.
Don’t give anyone your password
This is self-explanatory. We are taught this from the beginning — never ever give anyone your password. This includes third-party apps and programs. Whilst you may use programs to schedule posts and complete other misc. tasks, make sure they are reputable providers and have a strong track record of protecting user information.
Not only do you need to avoid giving out your password, you also need to make sure your password is strong and can’t be guessed by outside parties.
Watch out for phishing
Phishing is when a hacker will send you a link through an email or SMS message pretending to be a company and ask you to log in or change your password. The link is often a mirror image of the company’s website, however, when you enter your personal information, it will be stored, and hackers can then use this to log in to your business accounts.
Whenever you are sent an email from Instagram, ensure that the email address ends in ‘instagram.com’ and nothing else. You’ll only be sent links from Instagram if you request a password change — never for anything else.
Never click links in your direct messages
Have you received a message from a stranger in your direct messages recently?
Chances are these are hackers trying to steal your personal information and get access to your accounts. The messages sent are usually along the lines of the following:
‘Have you seen this video?’
‘Is this you?’
‘What are you doing in this video?’
Regardless of what the question is, the hackers will try and manipulate you to click on the link and then enter your account information — once you hand this over, the hackers will have full access to all your account information and features. Introducing two-factor authentication to your business account can prevent this along with the other forms of hacking mentioned in this article.
So you got hacked, what should you do now?
When you get hacked, you may have a very brief period of time after a hijacking to save the account. If you still have access to the page, head to your Instagram Login Activity page and if you see an unrecognisable device, tap it and hit log out. This will kick out anyone who has broken in. The next step is to then change your password and then set up the security measures mentioned above.
If you unfortunately have been completely logged out of your account, head to Instagram’s Help Page and follow the prompts. The first measure they have is a Face ID scan, where they ask you to take a photo of your face and they will match it to photos on your account. If you’re a business owner and your account is set up in the Business Creator Suite, you should still be able to access your page without Instagram. This is where you can also alert your followers through a post or story that you have been hacked and currently working with Meta to get your account back and to not open any links.