“Always be cautious when online.”
Instagram has altered the digital landscape since its launch in 2010. However, one emerging and particularly pervasive issue is leaving users blindsided: scamming.
Instagram scams often follow the same premises as phishing, which AP Computer Science teacher Jonathan Simon described as, “when someone poses as a company or organization to try to get people to provide personal information that can be used to access money or steal identities.”
While most Instagram scammers do not impersonate businesses, they often fake their identity or situation to bait users.
Instagram’s direct messaging feature allows users to send messages to anyone. While these so-called “DMs” are harmless by themselves, scammers can use them as a tool to gain personal information or even take over accounts.
Senior Samuel Castelein said that he received a DM asking him “to spell a random word to win $1000.” He and his friends jokingly answered and he said, “I continued messing with the account until I received a link in my text messages.” Despite his misgivings, Sam clicked on it to continue the joke.
“After that,” he said, “I simply lost access to my account because the hacker changed the email and password associated with it.” Instagram’s lack of account security leaves users particularly at risk of scams like these. As Castelein’s story highlights, all someone needs to access your account is the associated email address and password, which can be garnered through a simple link. Once logged in, a scammer can alter your account information in a matter of clicks, locking you out indefinitely.
M-A Senior Nicole Harris’ scamming experience started differently. She said, “I wasn’t approached with an ultimatum of ‘give me your account or I will do something to hurt you.’” Instead, “I was approached by a friend in my DMs who I didn’t know had their account hacked. They said they needed help with a new business they were creating and needed promotion. Naturally, I decided to help out.” Unfortunately, Harris’ goodwill proved detrimental.
“They asked me to send screenshots of a link to their ‘website’ so they could use that link to reset my password and take over the account.” Like Castelein, shortly after sending the screenshot, Harris was kicked off of her account.
Both Castelein and Harris were unable to regain control of their accounts, in part due to Instagram’s minimal account recovery resources. Instagram’s help site itself states, “if you can’t access the email account you registered with and didn’t link your Instagram and Facebook accounts, we’re unable to give you access to the account.”
“Looking back now, I feel silly,” Harris said.
Senior Kilikiano Lee said, “I was hacked through quite literally giving them an access code to get into my account,” he said. “I was trying to troll them but I had accidentally given the right code and they got in.”
In hindsight, Lee said, “I shouldn’t have been trying to entertain the scammer from the start,” but it’s important to understand these rash mindsets that scammers exploit. For Castelein, it was the need to carry on the joke; for Harris, it was the desire to help her friend; and for Lee, it was the temptation to beat the scammer at their own game. Combine those motivations with the belief that their accounts were secure, and the perfect opportunity for their scammers arose.
However, unlike Harris and Castelein, Lee was able to recover access to his account. “I was fortunate enough to gain it back after a day or so through Instagram’s facial recognition,” he said.
Facial recognition verification allows users to prove their rightful ownership of their accounts by matching the person’s face with their posts. Information on utilizing this option can be found on the Instagram help site.
There are multiple steps Instagram users can take to improve their account security. Simon said, “to avoid scams, never give passwords, account numbers, or other sensitive personal information online unless you have signed in to a known website with two-factor authentication, such as when they send a verification code in a text to the phone you have registered with them.”
If your account has already been compromised, Simon said, “you will need to change the personal information the scammers have to protect yourself, such as canceling ATM and credit cards and getting new ones.”
Each student reflected on their experiences and advocated a similar message of online protection to their peers.
Harris said that if she could have done anything differently, she would have “texted the friend who owned the account to ask if they were hacked, asked the account a question only the friend would know, and stopped responding to them before reporting and blocking them.”
Instagram has a feature that allows users to block and report other accounts. To do so, open the suspected scammer’s account page and click the three dots in the right-hand corner. A list of options will appear that includes “report” and “block.”
It can feel hard to turn down a friend asking you for a favor, but as Harris said, “it’s always better to be overly cautious and send an apology at a later date than getting hacked.”
When receiving messages from unknown users, Castelein put it simply: “just don’t respond.”
Lee echoed this sentiment, stating that “the best way to protect yourself” is to not interact with suspicious accounts in the first place. He added, “if you do lose your account, it’s best that you have a set plan of what to change before the scammer has time to react and you lose control again.”
Besides losing their accounts, the students have faced no other serious effects. However, scammers can post inappropriate or embarrassing content on stolen accounts, misrepresenting the original user to their followers. Others–including Castelein’s scammer–use stolen accounts to send messages to the user’s mutual followers to gain access to even more accounts.
M-A students must remain vigilant on Instagram and other social media sites, taking steps such as choosing strong passwords and ignoring suspicious messages, in order to keep our digital campus safe from the spread of scamming.