Urmila Matondkar, Ameesha Patel, Tabu, Sussane Khan, Vikrant Massey, and Esha Deol, what do they have in common? Each of these celebrities fell victim to a phishing scam on Instagram and lost access to their accounts.
Hackers shared a promotion post on Tabu’s profile, which was compromised on Monday, demanding her 1.9 million followers to download a board game app. On her Stories, Tabu later posted a response telling viewers not to click or open any links sent from her account.
the ‘Instagram Copyright’ fraud is very widespread and many celebrities and brand profiles have already fallen victim to this. Celebrities like Esha Deol, Tabu, Ameesha Patel, Asha Bhosle were some of the big names that got hacked in January alone. In December 2020, Instagram was hacked by Urmila Matondkar and Vikrant Massey. Actually, according to the actor, Massey’s account was compromised twice.
In December, Sushmita Sen’s elder daughter Renee’s Instagram was also hacked. In October 2020, they threatened Sussane Khan. On December 16, Matondkar’s Instagram account was compromised and she also sent a report to a cyber cell in Mumbai. Also, Patel took similar action.
We’re going to have a look at what the scam is and how to keep your account secure.
What is the Instagram Copyright scam?
A message from a handle posing as the official Instagram account was received by several of the celebrities, with concerns about copyright allegations. The users were warned that they were breaching community rules and that if they felt the violation claim was wrong, they needed to have some input.
They were also warned that the account would be deleted in the next 72 hours if they did not offer the details. One instance of a message reads like this: “Hi Instagram user, for a long time we have received several complaints about your account. This is what we wanted to inform you about. Some of the posts you shared are against our guidelines for the community before you delete your account. You must have input if you think the copyright infringement argument is wrong. Otherwise, within 72 hours, your account will be permanently removed from the website.”
“A link with a fake “Copyright Appeal Form” was attached at the bottom. This is where hackers will ask users for key information such as the name of the Instagram account, password, date of birth, and any other data that would have helped them gain account access.
What has Instagram said about this hacking?
We reached out to Instagram for clarification on the targeting of celebrities, which is a classic phishing event. Bear in mind that such associations, which can often seem quite real, can deceive anyone.
“We know that losing access to your account can be a distressing experience,” said a Facebook spokesperson. As well as interventions to help people restore their accounts, we have sophisticated steps in place to stop bad actors in their tracks before they gain access to accounts. We also reiterate that Instagram never communicates with users through direct messages, and in the app, in Settings> Security> Emails from Instagram, all contact made by Instagram via email can be checked.
How to protect your Instagram account?
The first move is to make sure you allow two-factor authentication. This means that they will need a one-time password or OTP to login into your Instagram account if someone else gets the password. Two-factor authentication (TFA) can be performed according to Instagram by codes sent via SMS or by a third-party authentication program such as Duo Mobile or Google Authenticator.
Follow these steps to enable TFA on your Instagram account:
Open the Instagram application, navigate to the app’s profile page and press the three-line icon. It can be seen in the upper right corner. Click the ‘Settings’ button that appears in the Menu. Go to Security in Settings. You will see an option for “Two-Factor Authentication”. Just activate it. You can also add an option, if you have it enabled, to use the authentication app to get codes. The benefit of this is that the mobile number associated with the account can often be modified by hackers and you do not get the code to encrypt it. But if you rely on an app like Google Authenticator, you can get codes that are still usable. Also, ensure that when setting up TFA on your account, you keep the backup codes somewhere safe.
Instagram’s other guidelines include maintaining a secure password that contains at least six letters, numbers, and punctuation marks. It is not good practice to keep the name of your pet, your birthday, your initials, your name, your mother or father’s name as a password. Basically, any data that a quick Google search can easily find should not be part of the password. Instagram also suggests that access to any third-party apps where you might have signed in with your account be revoked. They will expose your login credentials, it says.
Instagram further reiterates that through Direct Messages on the app, it never interacts with users. Only correspondence is sent via email. In the app, in Settings> Security> Instagram emails, all communications made by Instagram via email can be confirmed.
What happens if your account is hacked and you lose access?
If you believe your account has been compromised and you can still log in, there are things you can do to help keep your account safe: First, send a request to change your password quickly if you have not yet signed out of the account. Also, if not done already, switching on two-factor authentication for extra protection. Instagram also says that you have to go to the Accounts Center and uninstall any related accounts that you do not understand. It also advises that access to any questionable applications from third parties be revoked.
In addition, if hackers have attempted to change your email linked to the account, search your email account for a message from Instagram. You will receive an email from firstname.lastname@example.org informing you that your email address has been updated. You can fix this by selecting the option ‘Return this shift,’ which will appear in the message. Instagram also states that if any additional details, such as your password, have been changed, ask them for a login connection or security code. It is possible to send the login connection to your email address or phone number.
The login connection can be used to ask Instagram for a security code or help to regain access to the account. In some instances, Instagram can ask users to verify their identity. They will be asked to upload a picture of themselves, carrying a document along with other information with the code sent by them written on it.