NOTE: (This is a follow-up to an Instagram post. Last updated: 8/11/23, 4:13 p.m. MST. Previously updated: 5/25/23, 4:30 p.m. MST.)
If someone messages you and asks you to follow them, then asks for your email to send you a link to follow… DON’T CLICK OR TAP THE LINK!
What’s The Deal?
This hacker trap snared at least 2 Instagram accounts and one Facebook account that we were aware of in April 2023; since then, unfortunately, more have been compromised. The unsuspecting person clicks or taps the link, and before they can blink, the hacker on the other end changes the password and the email address associated with that social media account. In the case of the Instagram accounts we were working with, the hacker wiped clean the posts and the followers/following.
Adding insult to injury, the crook then contacts the person and either demands a ransom (as they define ransom, usually money) or tells the victim that their info was passed along as a referral for help, and that the crook can restore the account in X hours for a hefty fee (could be Bitcoin, your debit card, etc.). The crook may send you a screenshot of your account in programming code.
Unless you can actually verify that IS your account, DON’T just take them at their word.
If someone messages you and asks you to follow them, then asks for your email to send you a link to follow, DON’T CLICK THE LINK! If your gut is telling you “this feels wrong” or “this feels really weird/shady”, don’t follow that person. All you have to do is click or tap a FOLLOW button – most social media accounts have one.
Most social media platforms will let you know using their platform and Support Inbox connected to your profile. If you were hacked to the point your email was changed, you will have to send complaints using the platforms’ reporting process/forms. We have some of those links listed further in this post.
What we have seen more and more is one of three methods, mostly involving Facebook:
- The method mentioned above is still in play, though not as frequently as it was this past spring.
- Some users received emails informing them they “have violated Facebook’s policies and will result in the account being terminated”, basically. Typically there are three (3) emails that go out, literally one right after the other within milliseconds (probably using a type of scheduling program). DO NOT CLICK OR TAP THE LINK IN THAT EMAIL! You may be thinking, “Aww, c’mon, it’s Facebook, I can trust them – right?” YES — if it really was from Facebook!
  - Take a look at the email headers to see what the sender’s email address is – likely it’s not an actual Facebook address, no matter how legit it looks. Copy that address and use StopForumSpam.com/Search or MXToolbox.com to confirm whether it’s real. Still not sure? Consult your web hosting company or tech guru.
- Recently, someone set up several Facebook pages and “groups” and tagged pages at random with a message that the page/account has violated Facebook’s policies and is scheduled for deletion. You have to scroll down that post to see the accounts being tagged.
  - The last account we saw with this message hadn’t posted to their Facebook page in 2 years, so obviously no policies were violated. Additionally, there were five (5) Likes to that post; if you click or tap the Like button to see who they were, the other accounts looked to be the same as the page with the post – same logo, similar text, naming, etc. DO NOT CLICK OR TAP THE LINK ON THAT POST! Rather, report that page and subsequent pages for spam to Facebook.
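The header check described above can also be scripted. This is an added example, not part of the original post: it reads a saved message, compares the From, Return-Path and Reply-To domains, and looks at the SPF/DKIM results recorded by the receiving mail server. The sample message is constructed, and the trusted-domain list is an assumption the reader supplies.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message. ".example" is a reserved test domain.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example; dkim=none
From: "Facebook Security" <notice@facebook-policy-alerts.example>
Reply-To: appeals@another-host.example
Subject: Your account will be terminated

Click the link to appeal.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def matches(domain, trusted):
    """True if domain equals a trusted domain or is a subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def check_sender(raw, trusted):
    """List the reasons the headers do not support the claimed sender."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # The display name ("Facebook Security") proves nothing; only the domain counts.
    if not matches(from_dom, trusted):
        findings.append(f"From domain {from_dom!r} is not a trusted domain")
    # Bounces and replies routed to a different domain are a warning sign
    # (legitimate bulk mail can differ here too, so treat it as a hint).
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom!r} differs from From")
    # Only trust this header when your own mail provider added it.
    results = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim"):
        if f"{mech}=pass" not in results:
            findings.append(f"{mech} did not pass")
    return findings

if __name__ == "__main__":
    for finding in check_sender(SAMPLE, ("facebook.com",)):
        print("WARNING:", finding)
```

An empty result only means the headers are consistent with the claimed sender; it does not make any link in the message safe to follow.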
Do I Have To Pay To Restore My Account?
In the case of one person, she was asked to provide payment via Cash App and purchase Bitcoin. She didn’t go through with it as the crook would have needed to be added to her Cash App account via email, so what would have stopped the crook from demanding more and being able to access her bank through the app?
In the case of another client who was more severely hacked, not only did the hacker demand payment, he/they went to the next level and sent threatening text messages and emails (cyberstalking), and tried to get into both her and her husband’s bank accounts to drain them out of thousands of dollars.
I personally advise against paying hackers. I completely understand how much time it’s taken to build your following, the posts, and the patterns for posting. In the end, it’s not much different than the social media platform deciding to close shop forever – you would be SOL (stuck out of luck). You also have no way to know whether or not the hacker put in some kind of back door to regain access to your account whenever they choose or need money — it’s not worth the risk.
How do I report my account being hacked?
- If you think your Instagram has been hacked, go to Instagram.com/hacked and follow their instructions. It seems pretty impersonal, but it’s the only method available at the time of this blog.
- If you suspect your Facebook has been hacked, go to Facebook.com/hacked and follow their instructions.
- This support file link from Google may help if you think your YouTube channel has been hacked.
- Are you on TikTok and you think you’ve been hacked? Visit their webpage for support.
- Has your Twitter account been hacked (compromised)? Visit this webpage for the next steps to take.
- X (f.k.a. Twitter) added this webpage to help users regain access to their accounts.
- If your LinkedIn has been hacked, read this webpage for guidance and the next steps.
- Pinterest seems to be policing hackers pretty well. They claim they will send an email to the owner, reset your password, and log everyone out of your account if they think it’s been hacked. For more please read their support doc.
This blog will be updated as we learn the reporting process for other social media platforms. Please bookmark this webpage and check back.
What You Should Do Next
- Change ALL your passwords on ALL your accounts right away! Keep them recorded on a flash drive, in a cloud source you pay for like Dropbox, or use paper & pencil. There’s a benefit to “low-tech”.
- As of this update (8/11/23), one of our clients who had been severely hacked finally retrieved their Facebook account, but it took a LOT of support posts to Facebook to get this done. We helped the client put two-factor authentication on her account. The next day, the hacker tried to get back in, but the 2FA alerted her and kept the hacker out.
- Use a password manager to keep your passwords and accounts safe. Google has a free password manager. At Visibly Media we use LastPass.com, which has both a free and paid service. One of our partners uses Bitwarden, which has a trial period (no freebie). Create a password that will only be used for the password manager – something you have never used. Make it a long one, 16-24 characters minimum (again, low-tech — write it down and keep it safe).
- Download the accompanying Authenticator app. You may have to look in the Apple or Google store for the download; if you don’t find it in your store, check the product’s website. After you add your accounts to the app by scanning the platform’s QR code with the app, log in to them one at a time by opening the app and entering the 6-digit code from the Authenticator app. You have about 30 seconds to enter the code; after this time the code expires and another code is provided every 30 seconds or so until you log in successfully.
- TIP: Check to see if your Authenticator app has a lock code to prevent someone from using it.
We posted a video to our YouTube channel about two-factor authentication (a.k.a. 2FA, multi-factor authentication, and multi-factor verification), three (3) password manager apps, and their subsequent authenticator apps. We strongly recommend using one of these three apps, or one based on your search criteria and after consulting with your tech guru.
As former president Ronald Reagan once said, “Trust, but verify.” Hackers are in it for themselves, no matter what B.S. they’re trying to sell you on, including lines like “oh, but your friend so-and-so gave me your contact info as a referral because you were hacked, too”. They have every desire to take every penny they want or think they’re owed and couldn’t care less what you lose. You’re right – it’s not great to think everyone could be a “bad guy” or “Stranger Danger”, but it’s better to be wary than lose your account.
Check back for more tips & tricks about Facebook and other social media platforms.