Scammers conned me on my Instagram account. Before I give you the details, let’s hit the important stuff.
First, if you’re on Instagram, you should do two tasks RIGHT NOW: establish two-factor authentication and back up any important posts you have posted to IG. I would have avoided most of this trouble had I set up two-factor authentication.
Second, yes, I am a fool. You will, no doubt, roll you eyes a few times. But: let me be your bad example. This is an all-too-familiar role for me. But perhaps you will be better off.
That said, here’s how the scam worked:
I received a direct message from an “account” that I thought I followed. Let’s call it @NicePerson.
Nice Person sent me a message through DM on Instagram.
(Only, it’s not @NicePerson. It’s @NicePerson12. I didn’t notice the difference. Later, I’ll check and find out that @NicePerson has been hacked, too.)
“Nice Person” asked me if I could help. They said that they have been locked out of their IG account. But they get two chances to contact one of their followers on IG. Because I’m one of their followers, all I have to do is click on a link that they will send. This will, in turn, send a link to my SMS messages. If I send that link to them, they can unlock their account.
I clicked the link. That generated a link which is sent to my SMS text account. I copied it, and sent it to them.
I logged off IG to finish the call I was on. (This is, frankly, a bad move. It’s not polite to scan your IG account while chatting with someone. It’s awful manners and distracts you from more important things.)
A little while later, I receive notifications from Instagram in my email. The first one was convincing. It said a new device had logged into my account. I clicked on the link to alert them that it was not my device. Then I received notifications that my email had been changed and my password had been changed.
The first email was a fake. A page came up, looking exactly like an IG help screen. But it told me that link has expired.
This delayed me. The realization that my account has been compromised, and that I am, in fact, an idiot, hit me. Hard.
By the time the other two emails arrived, I have been locked out of my account. I can’t log in. I can only click on the link to the Instagram help page. This offers more links to click on if you think your account has been hacked.
I clicked the links.
I sent emails. I entered codes IG sent, but I came up against a wall — IG wants the two-factor authentication codes. I didn’t have them. So, the next step is to follow the instructions on sending them a video selfie. I do. (About five hour later, I’ll receive an email from Instagram telling me that the selfie didn’t work.)
Meanwhile, I receive texts and a call from friends asking me if I sent a Bitcoin ad via my stories.
BITCOIN? The horror. Oh, the horror.
I checked Instagram via another phone. My account looked the same, only it’s has become @roessler_studios12. Just like @NicePerson’s fake, scammed account. And now, they can use my fake account with the 12 at the end to trick other people.
—Yes, it was stupid and illogical. If I’d taken a few minutes to analyze the message, I would have realized that it didn’t make sense. In fact, a quiet, interior voice was whispering that this was a strange message. The. Whole. Time.
—You should ALWAYS pay attention to your intuition. I didn’t stop to think about it. I was distracted. I was talking on the phone. The cat was meowing. I had too many browser windows open on my laptop.
—It was surprisingly rough to discover someone had monkeyed with my account — far, FAR out of proportion to the harm done. This means that I wasn’t only dealing with decoding the “help” page but I was working through the fog of potential loss, humiliation, embarrassment, and panic at losing my privacy, my contacts, my nine years of posts.
And worst of all: abusing the people who’d been kind enough to follow me.
Instagram Could Do More to Prevent This
IG could spend a few of its filthy billions in profit mined from our dopamine addictions to splurge on live customer service representatives. My small, local bank does. American Express does. Why can’t they? I’d’ve queued for a few hours to save my old account and avoid the shame of being thought a scoundrel hawking Bitcoin.
And now, I’m in the situation where I am unable to convince — someone? a bot? — Instagram? that this bogus account is not mine and that it is impersonating me. So far, Instagram does not officially believe that “roessler_studios12” is fake.
Suddenly, you ponder: who am I? How do you prove you are who you say you are?
And why can’t they spend a thin slice of Zuckerberg’s billions to help you dislodge this nasty, bloodsucking parasite using your name?
Be vigilant. Do not multitask. Save your work, and save it often.
Also, it’s not that big a deal. I am not dodging missiles in Donbas. No children or animals were harmed. Life goes on.
Just be a little bit smarter than me. Which likely won’t be that hard.