Update: currently my account has been rendered inactive by Instagram and I’m trying to get access again.
But unlike the story of “the big phish who got away,” I was hooked hook, line, and sinker. It all started early about a week ago. I had just finished my workout but the coffee had not yet kicked in when I was phished with an instant message from a “friend” on Instagram.
The private message asked me to click on a link to vote for her in a contest. I normally don’t click on links, but the person was someone that I thought I knew, and the link seemed legit.
Almost immediately I was kicked off my account, which was the beginning of my Instagram nightmare. Beware of emails asking you to take action by clicking on something – even if you think you know the person.
Phishing is a scam that uses fake messages, websites, and social information to get money out of people and businesses. Over the years, phishing has gotten much more sophisticated. In a recent report, the FBI states that phishing scams resulting an annual loss of over $54 million for U.S. consumers and businesses.
I didn’t have two-factor authentication enabled on my Instagram. Please turn on two-factor on your accounts! It makes it harder for hackers to log in to your accounts if they do get your username and password. The hacker immediately changed my name and password, added an underscore before my username and made it impossible to get into my account because any time I did, the notice went to the hacker instead of me. And my message changed from my story of wine to a crypto currency mining success story.
Anyone who knows me or reads my stuff knows that wine is a labor of love. I don’t take money for any of my posts and do not have advertisers. So, to go from selling nothing for 12 years to pushing crypto crap is a little unlike me.
So, I hired a guy to help, who came recommended by a few people and was very persistent finding me on all my social apps plus What’s Up. That was my first mistake. After a day of back and forth and asking for more money to do more things (but just giving me enough of the story to make me think it was progressing), I received a reset password from an Instagram account with an AOL address asking for another amount. That was it. I thought I was done with the scam.
Now before I go on with my story, let me say that informing Instagram is as effective as trying to convince my cat to do something on command. I reset my password multiple times. The alert went to the scammer. I did the facial recognition scan (at least eight times). The alerts went to the scammer. I even tried the support alert asking for additional help, tagged them on my other social outlets and asked for communications help. Silence. They don’t designate people to help. The best was yesterday when I reported the account and they told me Instagram provided no support even though I followed their protocol. The hacker continued to update my stories, blocked me from seeing content and Instagram gave me no way to warn nearly 8000 people the account was in bad hands.
I took another chance with someone else, did a lot more research and was promised a 100 percent guarantee. And then I realized it was just another scam — he didn’t live up to any promise and I found myself back in the another scam, different verse. I even found out that an account with close to 8,000 followers with the engagement I had went for up to $1,200 on the dark web. This time I did the right thing by calling someone I know who came in, secured my personal email (they had hacked into that as well) and had almost gotten into accounts like Amazon and PayPal.
Sadly, it becomes the victim’s responsibility to find people to help at Instagram. While it was my fault to click on that link, there should have been a way for Instagram to help solve the issue without me having to hire someone to help (and get scammed in the process). And if you think about the time you spend on building a site, brand and account, Instagram should stand my its mission statement is “to capture and share the world’s moments.” The long-lasting memory shouldn’t be of the phish that got away and a painful time of trying to get your identity back.
So today I officially let go the Dallas Wine Chick account (or now __dallaswinechick). For your own safety, I would recommend that you unfollow and click on no content that is published as I’ve been blocked and have no access to that account – unless you are really interested in crypto and being scammed. If you want to follow me again on Instagram, I’m @reallythedallaswinechick now. I’d appreciate your unfollow of my original account and re-engage here. Instagram only lets me follow about 100 accounts a day, so be patient with me as I rebuild this. My goal is to make that original account obsolete, but they sure don’t make it easy!
Have you ever been hacked on Instagram without two-factor authentication enabled and did your account live to tell the tale?