loading
Loading
    ';

Read more Contact me me for usage or prints
beech twig

Being Hacked on Instagram

Being hacked on Instagram: this blog is the tale of a scam.  Luckily, it has a happy ending.  But losing all control of my Instagram account for a week was really quite unpleasant, so I thought that by writing this I might be able to pass on some tips about how I messed up in the first place, and how I finally managed to get it back.  I’d hate for anyone else to go through a similar experience and feel as miserable and helpless as I did.  Oh, just in case you want to check our the re-incarnated account, my username on Instagram is @Lizzie_harper_illustrator

My two errors: 1.  Not putting 2 Factor Authentification onto my account

The first mistake I made was not putting what is known as “2 Factor authentification” onto my account.  This basically means that if someone tries to log in to your account, they’ll need to enter a code before they can access anything.  The code can be linked to an app, or to your mobile phone number.  I didn’t have this in place, which is why the hacker got access to my account.  Funnily enough, I do have 2 Factor authentification up and running now.  On ALL my social media sites!

My two errors: 2. Clicking on a link sent in a Direct message (DM)

So this is the mistake I made.  I got a DM.  It told me to verify my account by clicking on a link (Don’t click on the link!).  It took me to a page which looked ever so official, even showing accounts I recognised as “followers”.  It prompted me to put in my login details (Don’t put your login details in!)  It asked me to confirm my details with my phone number and email. (Don’t confirm your details with your phone number and email!)  And the damage was done.

Leopard head Panthera pardus natural history illustration by Lizzie Harper

Realising I was hacked

It took some hours before I realised what had happened.  When I came to post something in the evening (a lyre bird, to be precise), I was asked to log in.

I logged in with my password.  Nope.  I was asked to confirm my phone number, and I’d be sent a text.  No text.  The whole thing spiralled out of control very fast, with every back-up option proving useless.  I could NOT access my account.

I noticed a message saying a phone I did not own had logged into my account from Manchester.  I don’t live in Manchester.  Uh-oh.

Then I got lots of messages about logging in.  In Turkish.  Bigger Uh-oh.

The Hacker says hello

I started to feel really worried, and was looking online for links to Instagram help desks.  I also furrowed my brow, and wondered if that DM link I’d clicked on might have something to do with it.

Up pops a What’sApp message from a number I didn’t recognize.  Area code Las Vegas.

Hello”, it says politely.  “If you want your Instagram account back you must pay me”.

Stomach churns.  The advice online says to keep the hacker chatting, even if you have no intention of paying them a penny.

After a little back and forth I got the message.

Unless I paid $150 in bitcoin to this stranger within 24hrs my account would be deleted.

PANIC

What I did next

Next, I contacted my computer expert buddies to ask for help.  Giles of Pixelshifters went above and beyond, trying to find a solution and repeatedly telling me to absolutely not pay any ransom.

I got the link to my Instagram taken off my website.

I put up posts on my Facebook  and Twitter accounts and on the blurb on my website saying that my Instagram was not in my hands, and to ignore any messages anyone was sent that purported to come from me.

I also took lots of screen shots of my last 40 posts on Instagram, cutting and pasting all my written content, and taking photos of the list of 95 people I was following.

I contacted Action Fraud who made a repot of this instance of “cyber crime”.  Later, I was phoned by my local police to talk about it.  It made for a depressing chat.  He said instances of this sort of scam had sky-rocketed during Covid lockdown, and that they were innundated with reports of cybercrime.  But in terms of catching the criminals?  As soon as a hacker is out of UK juristiction, there’s not a lot the police can do.  Coupled with which, most hackers hide their location.  He emphasized that, in truth, the only action was to be proactive, and to be certain you protected yourself.  In terms of reactive policing?  Nothing really can  be done.  Although I assumed this to be the case, it was rather sobering to hear it from someone working in cyber crime.

I spent hours (literally hours) going in a hellish circle with the auto-bots on the Instagram help desk.  I always got asked to enter some detail that the hacker had changed.  This situation remained like this for a few miserable days.

Finding a Human at Instagram

I knew I had to find a way to speak to a person, not a bot.  but how?

During one of my many desperate Google searches (“How to talk to a person at Instagram?”, “How can I fix a hacked Instagram account?” etc) I stumbled on a BBC News article.  A company had been hacked in August 2020.  The key words in the article were, “She is now working with Instagram to resolve the problem”.  Whaaat?  So there WAS a person there, somewhere.

I emailed the company (The English Stamp Company) and asked if they had a contact address, or a real person’s email?  This was a last roll of the dice.

Bless them, within the hour they’d replied and given me the email address of someone at Instagram.  The email address is this: sunilsinghvi@instagram.com

Skylark Alauda arvensis natural history illustration by Lizzie Harper

The Hacked account gets weird

Meanwhile, the hacker had accepted that I wasn’t coming through with the bitcoin.

They posted in mu Instagram story: “This account is for sale for $150”

Clearly, this was targeted at me.  My account would be worthless to anyone unless they were me, or wanted to pretend to be me (which is incredibly unlikely).

Another WhatsApp message, this time from another phone number (in New York).  “So are we deleting an account?”

I refused to engage and felt a bit sick.  They put the offer of the sale in the biogrpahy section.

Followers and friends were pinging off complaints to Instagram and getting in touch to ask why or if I really was selling my Instagram account?  Uh – no.  But this was all very useful and brought the damaged account to the attention of the behemoths at the help desk, I think.

It’s final weird reincarnation had my profile picture removed, an odd bit in the biography section, a totally new name (I think it was called “Verified Badgesl”), and a padlock to show that the account had been either deleted or taken down.

Resigned to my loss

There was no instant reply to my email.  I decided it had been a false lead.

By now I was very bored of feeling so stressed.  I decided I had to accept that the account and its’ 18k followers, 1083 posts, and 11 years of curation was gone.

So I built a new account, a new Instagram home.  It took a day, and I referred to the photos I’d taken of my old account.

Common toad with wildlife garden home illustration by Lizzie Harper

By the next morning I had a majestic 3 followers.  Still, I resolved to be cheerful.

I did fire off one last email to sunilsinghvi@instagram.com saying that being unable to talk to anyone guaranteed lots of people would turn to hackers to resolve the issue.  I said I was going to go to the press (I would have done, too.  Although it’s not exactly a thrilling tale.  Unless you’re living it…).  I suggested Instagram’s customer service was not perfect.

Instagram send me an email

The next day, an email pops up.  From the Facebook helpdesk.

YES!

It took some untangling.  They were very helpful, and very slow.  I dealt with three different people, about 15 emails, and lots of password resets that didn’t work.

Finally, three or four days later, a reset link comes through that works!

bare feet on earth original for sale

Reclaiming my Instagram account

I was in again!  It felt a little like coming home, I couldn’t quite believe it.

I’d only lost a couple of hundred followers.  As far as I can see, nothing else weird has been done to the account.

A lot of DMs with links have been sent – I assume encouraging people to click on the same sort of scam that I fell for.  I’m hoping my followers avoided doing any such thing (they’re probably cleverer than me).

I moth-balled the new account, and posted on my reclaimed account that I had been hacked and was back.  I also shared this info on twitter and Facebook.

It had been almost exactly a full week since I clicked that fatal link.  I was back.

Lessons learned

So what have I learned?

First:  Put Two-factor authentification onto every single social media account you own.  It takes a matter of seconds, and gives you total peace of mind.

Second: Never click on any DM or link.  Don’t trust something like that.

Third: Get it in perspective!  One thing I did realise was that actually, in the grand scheme of things, losing an Instagram account was relatively meaningless.  My family was well.  The tulips were out in the garden, the blue-tit was singing in the tree.  The tree was smothered in cherry blossom.  Instagram?  Yeah.  Not really that important.

Fourth:  Once I got my account back, I found out that you can request a back-up of your content.  It might take a while to come through, but I’ve applied for one.  So if the hackers get me again, I’ve only lost my followers, not any content.

 

Conclusion

So, I’d suggest you implement Two-factor authentification, and back up your account right away.  If not, and the damage is done, you have the magic email to use, to access the humans at Instagram.  Just hoping the poor fella whose email it is doesn’t go and change jobs anytime soon!

And most important, it’s actually not worth getting that upset about.  In the grand scheme of things, the loss of an Instagram account doesn’t matter.  Your own health, happiness, and immediate world – as is, not as it is on your social media accounts – is much more important that all these pixels.

Massive thanks are due to everyone who got involved and reported the hack, and reached out to tell me what was going on, and to those who commiserated.

8 comments

  1. Never click any contact link,in any email, message, etc, or return a call to a phone number left as a message. Go to the legitimate website directly from your browser or use the contact phone number of the entity you know is correct and contact them via that route. If it is a legitimate issue they can confirm that and send you to the correct department. It’s the only way to be safe these days. It is so easy to fake a contact. Always report any suspected scam via whatever service it is sent from. Keep your personal details on social media accounts to the bare minimum possible. If possible set up a post office box and alternative email and phone numbers for this use. If someone does get into your account they will not be able to hurt you as badly. Report scams to your local police, they should have a task force that handles the issue. They may not be able to do much, it depends on the circumstances, but they will have a report in case you need it in the future.. and multiple reports can result in further action being taken. For example here in the US if a scammer is confirmed in multiple states it becomes a federal case. Do not use the same password for separate services and try not to link accounts to the extent possible. Again, reduce the damage possible. Do not allow services to save your password “for your convenience”, set up one click entry or purchase, and never save payment information. The time it takes to type in a password or payment account info is not worth the risk. Use all possible privacy settings and multi step security options. It’s a scary world out there.. so many people never give it a second thought until they are a victim. P.S. I’m posting this on your Facebook post as well so others can see it.

  2. Hello Lizzie, I logged on to your page to see your painting of a fritillary flower and saw this blog post too. Thank you for sharing all this, I’m taking your advice straight away! Very glad to hear it is sorted now. Your paintings are amazing too.

    1. Hi Sue

      That’s excellent to hear. Glad youve put 2 factor authentification in place, one less thing to worry about. And Im glad you like snakes head fritillaries, too! Thanks for leaving a comment. x

    1. Thanks Katy, and yes, 2 factor authentification all the way! Thanks for the kind words about my illustrations. x

  3. Hi Lizzie

    New fan here. I’ve been enjoying your Youtube instructional videos and thought I’d check out your website. I like your style of painting and how you jump right in with the mid tones/darks, which seems more logical to me in that it gives me a far better perspective of where the lights and darkest values should go. Your painting skill is incredible and I’m in awe of how enthusiastic you are even to paint the ‘icky’ stuff lol! I also found very valuable your video about watercolor paper and was relieved to know it’s not just me who has been having a tough time with Fabriano paper! For the life of me, I can’t paint on that stuff!

    Anyway, sorry to hear your Instagram got hijacked, but I hope your experience is a great lesson to others. I’m off to read the rest of your blog posts and hope you’ll soon be posting another Youtube video to enjoy. Take care, Lizzie and thanks for sharing your exquisite skill and knowledge with us!

    1. Hi Jay
      What a lovely couple of comments! So good to have a new fan, and I really appreciate all the fab feedback. Oh Im so sorry about the misery of Fabriano, I honestly thought I was going mad for a while back there, so sorry you shared that pain! And thanks for reading so many of my blogs! Sometimes I fear they’re a little too dry, the films have a touch more humanity to them, I think.

      So glad to have such an interested and interesting new fan! And yes, when work calms down again I’ll try to do another video. I lvoe doing them, its just carving out the time to make and edit them thats the challenge! Thanks again Jay X Lizzie

Leave a Reply

Your email address will not be published. Required fields are marked *

Lizzie Harper