- Hackers pose as people on Instagram and ask their closest friends to help them “verify” their accounts.
- Some users reported that they were still locked out after Instagram’s verification processes didn’t work.
- Instagram said it is working to address these issues and “stop bad actors.”
In late January, Savannah woke up to a direct message on Instagram from an account she followed.
“Hey, can you help me?” read the message. The user said he had been locked out of his account and needed a mutual connection to help him recover it. Savannah wanted to be “helpful,” she told Insider, so she entered her information when the mutual sent a code.
Within seconds she, too, was locked out.
It turns out that the user she had this harrowing interaction with had also fallen victim to the same scam she had just fallen for. She hadn’t been messaging the owner of the account, but the hacker who had taken it over. Both have now had their accounts taken over.
Savannah is among a growing list of Instagram users who have recently fallen victim to a fast-moving Instagram hacking scheme. The scheme is simple but contagious: a hacker takes control of a person’s account, DMs all their friends to try to steal more accounts, and blackmails as many people as possible into paying money to get their accounts returned or gets them to invest in shady crypto deals.
“I know a handful of people who fell for that,” said Savannah, a 20-year-old Orlando student and artist who asked to be identified by her first name for privacy reasons. Her Instagram account was her main source for sharing and selling her art and had a few thousand followers before it was hacked. She said she was still locked out and had to open a new account from scratch.
Some people are trying to raise awareness on other social platforms faster than these hackers can move around Instagram. A Reddit user who posted about hacking attempts they had received has since helped other affected users. They told Insider that some hackers have taken to DMing the last few people you spoke to, since your closest friends are more apt to help and respond.
Three hacked users that Insider spoke to said they were able to alert their friends and family on other platforms quickly enough to prevent their accounts from being compromised. But they said their hackers continued to demand money to return the accounts — $300 in some cases — and also post Instagram stories and change captions to trick their followers into investing in cryptocurrency schemes.
A modified caption read: “All thanks to bitcoin mining I just invested $500 in bitcoin mining and made $10,000 in profit in less than 2 hours.” It also linked to another Instagram account to follow and DM about how to “get started.”
Kenneth Leeming, 31, who is also from Orlando and follows Savannah on Instagram, recently had his account stolen via a DM from another friend. They had sent him a link asking for help to verify them for a sponsorship deal. Leeming said his hacker then quickly began messaging his friends with all sorts of solicitation attempts.
The recovery process can be straightforward or a total dead end
Luckily for Leeming, he was able to recover his account after three days using Instagram’s face verification method. This requires users to take lots of video selfies to get different angles of their face – top to bottom and left to right – to match the photos they’ve posted to their accounts.
Unfortunately for Savannah, who didn’t post many selfies on her original art account, these automated verification methods didn’t work for her, and she wasn’t able to get direct human assistance from Instagram. After half a dozen tries, she said she decided to open a new account.
“I just decided I might as well leave it because Instagram isn’t really helping me,” Savannah said.
“We know that losing access to your account can be a distressing experience,” a Meta spokesman said in a statement. “We have taken sophisticated measures to stop bad actors before they can access accounts, as well as measures to help people recover their accounts. We know we can do more here and we are working hard on both areas to stop bad actors before they cause harm and to protect our community.”
The representative didn’t specify what actions are being taken to stop potential hacking attempts and how users like Savannah can get further assistance if current verification methods don’t work.
A familiar scheme that has become more sophisticated
Hacking has been a problem on Instagram for years. For example, in 2018, users reported that their accounts were taken over by Russian IP email addresses. But these hacking attempts have become more credible and likable, a cybersecurity expert said.
“Overall, this is part of a larger class of scams, but these attacks have gotten worse,” said Santiago Torres Arias, an assistant professor at Purdue University who researches social media hacks. “They use social mechanisms with cyber structures to abuse user trust. That makes it even more worrisome because people aren’t asking, ‘Is it really that person? Is this person being impersonated?’ All of their authentic information is on your screen – it displays as your friend.”
Torres Arias advises anyone who receives a DM asking them to enter their personal information to literally hear the request from their friend’s mouth.
“It can be useful to pick up the phone and call them and say, ‘Is that you?’” he said.
He also urges users to adopt a “good internet citizen” mentality and report any suspicious message or incident to Instagram or others.
“Sometimes the only way to stop a scam like this is for everyone to stand up and let them know it’s happening,” he said.