Photo by Alexander Shatov on Unsplash
I discovered on Friday that my Instagram account had been hacked. A friend messaged me to say there was some strange content showing up on my grid and when I checked, sure enough, there was a post about bitcoin and cryptocurrency that certainly did not come from me. After frantic attempts to change my password and email, I found I was locked out of the account. My daughter responded in the affirmative to questions from some of my followers asking if the post was genuine and she was blocked by the hackers.
I contacted my IT support guy, feeling sure he would know what to do and be able to offer me a solution. I was shocked when he said that he was unable to help and that, indeed, no-one “in the world” would be able to help me, before adding “except another hacker”. He explained that “The hackers have changed your email address and password and they now own the account. You will not be able to regain control of it”. He suggested I contact as many of my followers as possible to alert them to the situation. “But there are nearly five thousand of them and I don’t have contact details for most of them!” I answered.
So, this is my attempt to alert those of you who follow me on Substack, and I would ask that you share the content with anyone else you feel might find it useful whether they are followers of mine or not. Apparently, this kind of hacking activity is becoming more and more common and, importantly, there is a lot of evidence online to suggest that those with free email accounts eg Google, Hotmail, Yahoo etc, are easy targets as these are very simple for hackers to access and change. This is why many are ditching their free accounts for personalised ones that are almost impossible to infiltrate. The other factor that offers us more protection is, yes, you’ve guessed it, having strong passwords associated with our email.
The one element that gives me some comfort in this instance is that the content is so clearly not created by me as it sits in polar opposite to my normal posts. Most, if not all, of my followers will realise that it is fake and ignore it. Many have been messaging me and posting to alert me about it, but the huge frustration is that I cannot respond because I cannot access the account. The best option would be that Instagram close it down completely and several friends have reported it as fake content in an attempt to get this to happen. But I don’t hold out much hope: my attempts to find a way of contacting customer support for Instagram have proved fruitless and my IT guy said that he knows from experience that Facebook and Instagram have no inclination to deal with this sort of breach unless you’re Beyonce (I wish)!
I have been wracking my brain to think of how this happened. Had I just been unlucky or had I unwittingly brought it on myself? And then a friend mentioned that exactly the same kind of breach recently happened on Instagram to a stylist we know. The penny dropped. I was reminded then, that a few weeks ago, that this same stylist had direct messaged me on my Instagram account asking if I could vote for her in her bid to join an influencer ambassadorship programme on Instagram. It seemed an odd request as she, like me, is semi-retired, of a certain age and, frankly, unlikely to be signing up for any such programme. But I chided myself for being so judgemental and moved to thinking how go-getting she still is and silently congratulated her for taking on new challenges. I responded saying “Sure. Let me know what you need me to do”, but heard nothing back and forgot all about it.
Now, I realise, it was a scam, and, second time around, they got me. I received a similar request on Friday from a gardening journalist who I do not know, but who I discovered, when I looked at her Instagram profile, writes for national newspapers, has published books and also works in TV and radio: she seemed much more likely to be a contender for this sort of online ambassadorship. She too asked would I support her by voting for her. I was inclined to ignore it, but felt churlish and messaged her back asking what the ambassadorship was all about and what I had to do to. Her response didn’t say anything about the programme but explained that I just need to screen-shot a link she had sent me and send it back to her and that would register my vote.
Remember last week I wrote about listening to your instincts? Well, this was a classic moment when I should have paid attention. I felt there was something slightly odd about both these requests particularly in the wording of them and yet, I chose to ignore the warning voice. I was busy at the time, caught up in other things. I felt it only right to help out a fellow journalist and follower of mine on Instagram in such a request. Ironically, I wasn't even sure how to do what she was asking and had to ask my daughter to do it for me. In completing that simple task, I believe we gave the hackers the information they needed to get into my account.
My advice is, be wary of anyone who direct messages you, even if it seems to be someone you know: their account may have been hacked and the message is actually coming from a scammer. The use of language is usually a clue. If the wording seems in any way odd, contact the person another way to check if this is a genuine approach – or ignore it. I wish I had done so.
We all know about the scams that go on, how they are increasingly common and how the con-men behind them are becoming more devious and convincing. They will stop at nothing. I know so many people who have unwittingly allowed hackers into their bank accounts through being taken in by convincing texts and telephone calls supposedly from their bank, Royal Mail, The TV licensing authority etc etc and because of this, I pride myself on being pretty sensible about this sort of thing, always immediately deleting anything that sounds or looks suspicious. I work on the basis that if a request or alert from a company or organisation is genuine, they will find another way to contact me.
But, naive though this may sound, it just never occurred to me that anyone would want to get into my Instagram account: I mean it’s just endless pictures of flowers in my garden and nice things I see when I’m out and about. What use is that to anyone? My IT guy warns me it is getting more and more “vicious out there” and, because bitcoin and cryptocurrency scammers are trying to find ways to reach an audience, they are using any means possible.
They look for people with a decent following on social media, hack their account and put up fake posts. If any followers think this is a real post and click on any of the links, they are on the first step towards having their Instagram accounts and possibly their bank accounts compromised. So far so bad. But what they then also do, clearly, is to send direct messages to followers of that account pretending they are the account holder and get them to respond so they can now hack, access and take ownership of another account and so on. It’s ingenious and really pretty scary.
The up-shot of my experience is that I have lost two and a half years of content, family photos and pieces of writing plus nearly five thousand followers and their comments. I have also lost my main method of recruiting readers to sign up for my work on Substack, as that is how I tell people about my writing here.
Ironically, Instagram is the only social media platform I have ever engaged with, as I have always been suspicious of the others and found little need for them. I have always preferred to live in the “real world” where one talks to people face to face and has real “friends”. I chose to start an Instagram account during lockdown to keep myself occupied and because it is image based and meant I could show pictures of my garden during the wonderful weather we had in the spring and early summer of 2020. I enjoyed it and kept going and it’s been fun to make contact with so many others like-minded people through using it. I feel now that I was right to be wary, but not, unfortunately, wary enough. Meanwhile, my account is still there, in my name, but I cannot use it and the people who now own it, can do as they wish with it and there is nothing to stop them.
Of course, what has happened to me is nowhere near as bad as having a breach of security on one’s bank account, but it is none-the-less upsetting. I feel foolish and humiliated. I feel angry and frustrated. But most of all I feel sad. I enjoyed putting my posts up on Instagram and sharing the images for them. I enjoyed conversing with my followers, many of them people who have been reading UK Country Living for years and know me from when I was editor there. I enjoy hearing about their lives and they clearly enjoy hearing about mine. My daughter says I should open a new Instagram account and she will help me make it more secure, but I don’t know. It was a lot of work to lose and what’s to say it won’t happen again, that I will try to do the “right thing” for someone and as a result end up losing everything and risking the security of others for a second time.
I have now lost my regular way of telling people about my writing on Home Truths and growing my readership. The only other method of getting it to new readers is by you, my subscribers, sharing it. If you know of any others who would enjoy my newsletter each week, please share this post with them by clicking here
I can hardly bear the thought of starting all over again with Instagram. What would you do if you were me? Please leave your thoughts in a comment below
I do hope this hasn’t deterred you from Instagram. I enjoyed looking at all your photos. As soon as I saw the recent posts I knew you’d been hacked.
I think what’s happened is a strong reminder to us all that we have no control over a site controlled by someone else. They don’t represent our interests; only we have our own best interests at heart.
This happened to me a couple of months ago. An Instagram friend direct messaged me asking me to help me get them back into their locked out account. The request was to take a photo of the message and send it back to them. This was the bitcoiner’s way in and I lost my account immediately. It was just an account for posting photos of days out and not work related. I had about 200 followers. Despite filling in 2 report forms to Meta I heard nothing. I was very upset and felt invaded. I recently decided to set up a new account. It’s not the same and I don’t have the same enthusiasm for ‘growing’ my account but I have an account should I wish to use it. Meanwhile my old account of 5 years sits there in abeyance and unattainable. I am still very annoyed with myself at the lack of attention I paid to the DM I received. At the time I sent warnings to all my account followers (through another Ig friend’s account) I also warned people via my other social media accounts. I feel I tried my best to prevent others falling victim to the same scam. The bitcoiners also contacted my daughters - and I don’t even follow them on social media. I would say set up a new account if and when you’re ready but it just won’t be the same as your old one.