The internet is awesome, but one thing we all know for sure is that it’s getting more dangerous all the time. You probably know someone who has had their identity stolen online, or maybe even their credit card information. Chances are, you also probably know someone who has had their Instagram account hacked. This scene is becoming more and more common all the time, and it’s downright terrifying.
Let’s set the scene.
You wake up one morning and drag your groggy self out to the kitchen to make yourself some coffee in the midst of children pouring cheerios all over the counter while missing their bowl. You know, a normal morning for a parent. After establishing some sense of order in your home and taking your first few sips of coffee you’re ready to get on Instagram to see what you’ve missed while you were sleeping and answer some of those DMs you’ve been pretending you didn’t see for the last five days.
Wait a second…when you go to open Instagram, it’s asking you to login. Well, stuff happens right? So thinking nothing more of it than feeling casually annoying, you try logging into your account. Uh oh….the app is telling you that your username or password are incorrect. So after guessing every potential combination of username and password imaginable, you eventually decide to reset your password. This is when things get much worse.
When you try to reset your password, the app tells you that the password reset email is being sent to an email account you’ve never seen before. Panic starts to set in, and while you’re trying to contact the very difficult to reach support staff at Facebook (owner of Instagram) your friends start sending your messages asking you if your account was hacked? You’re surprised that they could know such a thing, and you ask them how they found out you’re having Instagram trouble. Then you start receiving screenshots from your friends and family of images and stories being posted by the hacker of your account.
The story ends a lot of ways. Perhaps the hacker reaches out to you and asks you for $10,000 ransom to get your account back. Perhaps the hacker simply continues to message people on your behalf and turns your account into a very real looking spam bot. Perhaps the hacker deletes all of your photos, and that’s the end of your Instagram life. Of all the potential endings, the most rare scenario is that Facebook will do anything to help you recover your account. As a matter of fact, only 1 in 27 hacked accounts are ever retrieved with the assistance of Facebook, and usually these are accounts belonging to multi-million follower personalities.
Are you anxious yet? Because my heart rate is racing just thinking about this sort of thing happening to me.
So what can we do?
Well, believe it or not there’s quite a bit you can do to prevent this sort of thing from happening to you! Securing your digital world is like setting up a security system for your home. If someone wants to get in, they can find a way. So that’s why home security systems are all about making your house a less easy target for the bad guys. No criminal wants to work harder than they have to work. They’re not all the different from us; they probably just needed more discipline when they were kids or something. Your goal needs to be having a secure enough account that hackers and other bad guys keep on walking when they realize your account isn’t exactly low hanging fruit.
Everything I’m sharing here also applies to the rest of your digital life. So while you’re at it, give the security of your other online accounts some thought.
Before I continue, I just want to point out that the information in this post is just general advice. If you want to consult with us on an individual basis for a customized plan that goes even further to protect your Insta-life, please book an appointment with us by visiting our Influencer Coaching page, and select my name from the list. Internet security is sort of my thing.
Use a unique password for Instagram.
Actually, you should be using a unique password for ALL the websites and apps you access around the internet. This advice goes for more than just Instagram. That being said, the number one way hackers get logged into your accounts is by getting logged in with one of the passwords you use on another website.
It’s actually very easy for them. One the dark web there are millions of email addresses, names, and passwords, that can be readily purchased or accessed by bad guys around the world. This information was obtained by a hacker compromising some website database out there in cyberspace. If you had your an account with the organization that got hacked, your password could also have been exposed in conjunction with your email address. This means that if your username and password for Instagram are the same as another website, your Instagram account is at risk just from that other website being hacked.
For instance, let’s say you have an online account at your grocery store of choice. Let’s say you have the same email address and password for the grocery store website/app as you do for Instagram. When a hacker steals the customer database from that grocery store and sells that information, your Instagram login is being sold with it by nature of it using the same information. So then a second hacker comes along just looking to hold people’s Instagram accounts ransom, and he buys this customer database. Then he systemically tries logging into these accounts, because two in three people use the same email address and password for everything; or at-least some similar variation.
Solution: It’s pretty simple. Set a password for Instagram that is only for Instagram and nothing else. If you’d like your account to be even more secure, use another secure or safe primary email account for your Instagram account that isn’t used elsewhere or posted anywhere on the internet. Email aliases can work great for this.
Don’t open emails from “Facebook” or “Instagram.”
I see this all the time. People get an email they think is from Instagram, but in reality it’s a hacker trying to steal their login information. Just because an email has an official logo and text, doesn’t mean it’s a legitimate email. I want to tell you that you should always check the “From” address to make sure it’s really coming from @instagram.com or something along those lines, but the sad truth is that sender addresses can be faked pretty easily as well.
So it’s important you use common sense when receiving email from Facebook / Instagram. Just remember, it’s actually a rare thing for either service to email you about anything important; the exception being email notifications when unauthorized logins are detected or account information has been changed. Ultimately, important legitimate messages sent via email are also usually in your notification tab.
If you’re getting an email from Instagram or Facebook about something that you didn’t ask for, like a password reset, or something that sounds too good to be true like being reached out for a special profile upgrade. Essentially, if you didn’t do anything yourself that would prompt Instagram to send you an email, you shouldn’t click any links.
Solution: Unless you’re absolutely sure that an “Official Looking” email came from Facebook or Instagram, do NOT click any links in that email until you think things through first. This actually goes for any online account. Added bonus…don’t click on strange images and links sent to you in Direct Messages on Instagram unless you think it’s for real. There are some images circulating that can actually steal your login when you download an image to your photos from a DM. Scary right?
Two-factor authentication is your best friend!
Really. Two-factor authentication is better than the most cuddly of friends. Dogs may guard your home at night, but the real love goes to “Two-factor authentication.” Even the name is cute right?
All jokes aside, this is probably the most powerful security tool you have at your disposal. Remember when your parents would talk about old movies where it took two keys to launch a missile from a submarine? I remember stories about movie’s I’d never end up seeing where the captain, and the first officer, both had to turn their keys to start the launch sequence. It kind of makes sense right? Two keys means it’s harder for someone to break in.
Two-factor authentication (or 2FA for short) is basically the same thing. It’s like the second key to your precious Instagram world. Once you enable 2FA, logging into Instagram will never be the same. Going forward, when you enter your email/username and password, the app will then prompt you enter a special code to continue with your login. This code is then sent to your mobile phone via SMS as a text message. Just enter that code and you’re logged in to Instagram!
I’m sure you can already see the beauty of this. Even if someone had your username and password, they would also need your mobile phone in order to login since they wouldn’t have that code. Plus, that code changes every minute or so. That means they would have needed the code from that specific login attempt, and they couldn’t just use an old code laying around.
Solution: Just enable 2FA!
To turn on text message (SMS) login codes for your mobile phone:
- Tap instagram-user-profile or your profile picture in the bottom right to go to your profile.
- Tap in the top right, then tap instagram-settingsSettings.
- Tap Security, then tap Two-Factor Authentication.
- Tap Get Started.
- Tap next to Text Message.
- If your account doesn’t have a confirmed phone number, you’ll be asked to enter one. After entering the phone number, tap Next.
Security isn’t always this simple.
Keeping your accounts secure isn’t always as simple as all this, but these steps will prevent you from being an easy target. I’m willing to bet that 99% of cyber attacks that could snatch your IG account away from you will be prevented by following these steps, but if you want even more piece of mind because your Instagram account is your livelihood or your business, we’d love to help.
If you’d like to have a full Instagram security audit done on your account, we can help you take even further steps to ensure your account is as safe as it possibly can be in this crazy world. Just reach out to us over at our Influencer Coaching page or you can contact us directly at [email protected].