If you asked me a week ago what two-factor authentication, I would have told you that I was not great in math🤔. Ask me now, and I would tell you “Don’t waste time building your Instagram account without it”.
So picture this: I’m out with clients showing a few houses around 8PM Tuesday, 8/24/22 and my daughter texts me to tell me my Instagram account had been hacked. At that moment there wasn’t much I could do but spend half the night trying to find out what happened. I had inadvertently let the stranger in.
While Instagram is an amazing platform for personal and business accounts to share, when you are hacked your resources are limited and even compromised a bit.
So let’s take a step back and call this day 1 (Tuesday, 8/23/22). After looking through my emails, texts, messages and DMs I knew what I had done wrong. I had been receiving DMs on my Instagram account which used to be @Prestonlifestyle asking me if I would be interested in joining a new group of women on Instagram with a start-up business, ( I do not have a screenshot of this because it was done in my old account). The ‘group of women on Instagram’ should have been a red flag.
I immediately answered “Yes, I will support, just send me the link”. Well, I never received the link and ‘she’ reached out to me again and asked if there was a problem. I explained I had not received a link. ‘She’ said she would text me the link and asked if I could screenshot it and message her back to make sure the correct link was coming through. That should have been another red flag, but I didn’t see it.
In my other life I am a Realtor and I was working in the actual RE Office (which I rarely do) and ‘she’ texted me again asking if I had received the text. I was pre-occupied and making appointments to show homes that evening, (I know that is not an excuse) and I did it. As my son has pointed out since then, I messaged a picture from my phone to an unknown phone, another red flag I missed. But, because it was a bit different than what I was used to, at least I decided to screenshot what I did so I could go back to it later.
Now we are up to the text from my daughter. I didn’t even try to get into my account at that moment because I was with clients. As soon as I got back in my car, I tried to get onto my account and it no longer existed. I literally started sweating and felt sick to my stomach.
So what is the first step. Google….my instagram account was hacked, what to do now? And within 10 minutes of me getting home, my son and daughter called.
Let me qualify that. Hanna is 22 and in grad school and Sam is starting his Junior year in college for computer science. He had a lot to say that night! He caught me crying, yes crying over an Instagram account…could you imagine that? My daughter actually asked me if I was having a breakdown. I said yes, honey but it will only last for about an hour until my anger sets in and that’s exactly what happened.
So, where to start? Forgotten password…well that didn’t work because 1. the hacker changed my password immediately, 2. the hacker changed my user name by adding two underscores, and 3. the hacker added the 2F Authentication onto my account, something I did not have to start off with. The hacker was smarter than I was. And to make it worse, the hacker texted me probably just to rub it in later that night. I sent a screenshot to my son, he said; “Mom, don’t engage, this is what they want you to do”.
Needless to say, it was a long night.
Day 2, (Wednesday, 8/24/22)
I’ve googled and emailed who I thought was Instagram. The emails that were coming back were a bit cryptic for an established company but they said they were from Instagram, so they must be, right? Wrong…I thought I was receiving feedback from Instagram, but my kids pointed out the difference in the email accounts. It wasn’t Instagram emailing me, but a fake email pretending to be Instagram’s support team. The emails I was receiving from ‘Instagram’ were from a Gmail account; they (my kids) said they should be coming from a .com account and they were right.
Day 3, (Thursday, 8/25/22)
The real Instagram got back to me. They said I needed to verify my account with a selfie, basically a video similar to when you get a new phone and you have to do a thumbprint, only this is a faceprint. I did it and they were meant to get back to me with instructions on how to get back into my account. Well, they did, late that night, but no way of knowing if it would have worked because in addition to me losing my instagram account, the email associated with it also mysteriously stopped sending emails to my inbox. When I realized this, I found the email from Instagram but they had put a 24-hour timestamp on it and the 24 hours were up. Coincidental, maybe… but I don’t much believe in coincidences. They said I would have to do another selfie to re-verify but they did not send me a new link to do that.
So, I responded by explaining I had not got their email and please send me a new link to do another selfie.
Day 4, Friday, 8/26/22.
10PM and I’m still waiting for that new link. I’ve replied to the same email three times today asking for another link.
Day 5, Saturday 8/27/22
I realize that the email account attached to my Instagram account had been hacked as well. I did not know why I was not receiving any new emails to my inbox, so I googled again still not associating one problem with the other. What I found was a YouTube video suggesting that when you are not receiving your emails, the first thing to do it check your filters for that email account. Well, I had nothing to lose, so I figured out how to check my filters and, sure enough, there was a filter there that I never set. My new emails for that account were going straight to trash. This would be why I did not receive the initial emails from Instagram that were sent to me.
Day 6, Sunday 8/28/22
I’m still waiting for Instagram to reply to my emails and send a new link so I can take a new selfie video. My son suggests sending another email explaining that my original email address attached to Instagram was hacked as well. So, given I have nothing to lose, I’ve sent a new email to Instagram from a different email account I had.
I spend the day working on content for my new Instagram account. I am trying to keep this in perspective but I keep thinking someone has literally stolen a piece of my business and that is just not ok.
Day 7, Monday 8/29/22
Not one word from Instagram, no response of any kind to any of my emails. I will send one more email email this evening. The only other thing left to do is report this as a Cyber Crime. My account has been hijacked and they have stolen my identity by posting on my behalf.
Day 9, Wednesday 8/31/22
Upon my sons suggestion, I re-worded my original email to ‘Instagram’. He suggested that this may only be an automated system and that my original email may have been a bit too complicated for ‘it’ to process. So, he drafted a new email with only the specifics in it. I sent it to the two different Instagram email accounts we assumed were the real ones.
Later that afternoon I received an email from Instagram with a link to do a ‘video selfie’
I completed the selfie, which took about 10 minutes to do, they wanted every angle possible!
I received an email back saying it would take about 3-4 days to confirm my identity. Well, no choice at this point other than to just go with it.
Day 10, Thursday 9/1/22
I received and email from Instagram saying that my identity had been confirmed. This email included directions of how to get back into my account.
Upon receipt of this email, I texted my son and we immediately walked through the steps remotely, together. As you can see from the email above the ‘back-up code’ link I was given would replace the 2F code the hackers had put on it. We added a strong password, changed the name back to what is was by removing the two underscores the hackers had added and quickly added 2FA to this account. The account is now back in my control!
I am also now able to see the complete message that I responded to that started this whole thing.
PLEASE NOTE; this is the way it starts! If you should receive anything that looks like this
DO NOT ENGAGE, JUST DELETE and BLOCK this person.
Don’t misunderstand, it’s not that there was a huge following n this account. (it was modest by today’s standards), but it was mine for the past few years. I nurtured it and worked it and it was taken from me—the legacy of my original account, all of the wonderful women I’ve met!
Below I’ve listed the instructions on how to add 2F authentication to your account if you don’t already have it. If this gets resolved, I will update this blog and, if not, hopefully someone else will also learn from my mistake.
I’ve also added links below to the blogs of two other influencers who went through similar situations but were hacked in different ways.
Thank you for supporting me!
- On your Instagram account, click on the three lines top right
- Go to settings
- Go to security
- Two-Factor Authentication
- Add Extra Security hit ‘get started’
- You will get 3 choices, I choose ‘text message’
- You will receive a confirmation code
- Enter Code
- 2F Authentication is now on
- Instagram Business Account, I received codes that are good for one time. I took a screenshot of the list
Melanie from Midlife Vitality told me that two women also shared their stories which I am sharing below.