This is how hundreds of Instagram accounts are being stolen (and how you can protect yours)
At this point, the number of followers hardly matters, whether there are photos sponsored by brands or not, it is not even relevant if the 'likes' that the images have are listed by tens or thousands, cybercriminals have expanded their filter and more and more Instagram accounts are being stolen. This same Friday a 17-year-old boy was arrested in Castellón for taking over 200 profiles.
While it is true that 'influencers' are more exposed, who earn large sums of money by sharing videos or photos sponsored by certain brands, any Instagram user is exposed to someone taking control of their account. In fact, surely on some occasion you have seen how someone shared, without knowing how or why, an image promoting an apparently random product.
The best tricks to get the most out of your Instagram profile GCThe techniques of cybercriminals have evolved very quickly in recent times. Some have even managed to create front companies that, once a popular user's Instagram has been stolen, contact brands to try to offer them their services and participate in their advertising campaigns. They act so impeccably and quickly that, when the owner of the profile wants to find out, they have completely lost control of it, since they have changed not only the name, but also the email address and even the contact telephone number.
The 'modus operandi'
The techniques used today by cybercriminals to take control of the accounts they attack are very diverse and varied. However, according to the testimonies of agencies and users who have been deceived in recent months, the most fashionable is 'phishing'. The 'influencers' receive an email through which they are contacted by the alleged managers of some social tool that allows them to analyze their Instagram account. They use names of companies and resources that really exist, such as Plann, Iconosquare or Squarelovin.
However, what they do is send access not to the tool in question, but to a fraudulent clone of it, in such a way that the web address instead of being '.com' is '.biz' or something Similary. Thus, by entering the access data to your Instagram profile to be able to register on said platform, the assailants can collect that information to enter and, in the blink of an eye, change the password and the access email to take control of this person's profile. Those who have suffered theft of their accounts through this method claim that in just a few minutes the cybercriminals had begun to send 'spam' to their followers.
Moreover, in the cases of those accounts that have several hundred thousand or even millions of followers, those who have suffered it assure that they change the biography itself to ensure that the brands see that the management of it has changed hands. Because this is the next step: once they take control, they soon get in touch with those firms that might be interested in using them to promote certain products and thus start earning money as soon as possible.
Therefore, if we receive an invitation to try a tool that allows us to know if our publications are more or less popular or how many followers we have gained or lost, we will have to pay close attention to the address that they send us and check beforehand if is or is not reliable. In this way we will be able to prevent some cybercriminal from stealing our Instagram account.
How to protect our account
Beyond paying attention to these details that can lead us to fall into the trap and lose control of our account, it is advisable to take certain precautions. One of the most effective methods is the newly improved two-step verification, for which only a few months ago it is no longer necessary to use the cumbersome SMS method. If we enable this option, it will not be enough for the thieves to have our email account and our password to access, but they will also need one of the security codes that we will have in our possession.
What we will have to do for this will be to resort to a third-party application that allows us to carry out this authentication. One of the most recommended is Google Authenticator, which is available for both Android and iOS. Once we have installed it on our 'smartphone' we will only have to go to our Instagram profile, press the hamburger icon that is in the upper right corner, go to Settings and in the list of options look for Authentication in two steps. When we have accessed, we will have to choose the option “Authentication application”, where Instagram will check if you have already installed one or will recommend one.
As we will have already installed Google Authenticator, it will give us a six-number code that we will have to copy and then enter it where Instagram tells us. With this function we will make our account safe from intruders, because only we can access it through the codes that we receive either by text message or by the authentication application that we have installed.
How to know if you have been 'hacked'
Aside from the suspicious signs, there is a section of your account settings that you can go to if you think that a third party may be accessing your Instagram profile (although only if you still retain control). If you go here and click on “See all” under “Logins”, you will be able to analyze the recent activity of your account. You will see a list of dates and times when accesses have occurred, so try to remember if you were connected to Instagram at that time and, if you think not, change your password.
If you use Instagram from the mobile application, access your profile and click on the menu icon (top right) and then on “Settings” (bottom right). Find “Privacy and security” and then “Account data”. There you can see the same list of connections.
What to do if you have fallen into the trap
If your account seems to have fallen into the hands of an assailant, whether it's because they're making posts you weren't involved in, you've seen something weird in recent activity, or they won't let you log in with your usual credentials, the first thing you should do is try is to reset the password. The assailant may not have been able to change the email that your profile is associated with (especially if you use a different password, which is recommended), so you could still close the door on your precious Instagram.
Otherwise, if there is no longer any way for you to access your own account, you will have to resort to reporting the profile and sending a request to Instagram to recover it. To do this, we will have to go to what was previously our 'timeline' and press the three dots that appear in the upper right corner, then go to the “Report” option. The next thing we must mark is "It is inappropriate", so that the application takes us to the possibility of indicating that "I think this account violates the Instagram Community Standards". In this way, we can report the profile, since it is supplanting our identity. In the following list of options we must indicate that "This profile is impersonating another person" to end up indicating that it is "Me".
Thus, the social network itself will be in charge of checking the data to verify that it is so. In the same way that we can report that someone has stolen some of our photos or some of our videos, we can warn that some cybercriminal took over our entire account. However, the ideal is not to have to reach this point. Take the appropriate security measures, such as two-step verification, and do not trust those third-party applications that offer us a multitude of possibilities without anything in return. Only then will we keep our Instagram safe.