It’s every creator’s worst nightmare. Years of work building a following, brand deals in the pipeline, and priceless memories - all taken away in a matter of seconds by a hack. Unfortunately, countless creators have experienced this first-hand, losing everything they built after being hacked on Instagram. The good news is that there are a handful of simple best practices you can follow to protect your Instagram from being hacked. Keep reading to learn more.
How to protect your Instagram account from hackers
- Learn about phishing tactics
- Cross reference emails via your IG settings
- Set up Two Factor Authentication
- Use a password manager
- Get Instagram insurance
1. Learn about phishing tactics
The most common way Instagram accounts get hacked is by social engineering or phishing tactics. In these cases, hackers impersonate trusted sources, like brands or Instagram itself, in order to trick users into providing their personal information.
Watch the video below, in which full time creator @wtfab shares with Notch how she got hacked after falling for a phishing email from a fake brand.
Often, the hackers will add a sense of urgency to the email in order to prompt you to make a rash decision, like you can see in the screenshot below that shows the bogus copyright infringement email sent to @wandertears. Unfortunately, they fell for the scam and their Instagram account got compromised. Read more about their story here.
By being aware of these tactics, and adopting a suspicious-by-default mentality, you’re instantly improving your Instagram security.
Every time you receive an email from a brand, friend, or Instagram, pay close attention to the sender’s email address, look out for grammatical errors, and hover your mouse over the hyperlink. If anything looks suspicious, you should delete the email immediately and give other creator friends a heads up.
You might be interested in: How Instagram accounts get hacked: 6 tactics used by hackers
2. Cross reference emails via your IG settings
As you now know, Instagram accounts often get hacked when a hacker pretends to be an official Instagram employee. Two common methods are:
1. Offering blue tick verification
2. Claiming copyright infringement
The best way to check if an email is legitimate is by checking your Instagram account. All legitimate and official emails sent by Instagram will also appear in your profile settings.
From your Instagram profile, go to Settings>Security>Emails from Instagram.
If you received an email claiming to be from Instagram, but there is no corresponding message in your ‘Emails from Instagram’ section within the app, it’s very likely that it’s a phishing scam.
3. Set up Two Factor Authentication
Two Factor Authentication adds another layer of security to your Instagram account against hacks. If Instagram sees a login attempt from an unrecognized device, you’ll be asked to enter a special code.
Without 2FA, if a hacker obtains your username and password, they can immediately log in and steal your account. With 2FA, even if a hacker knows your login details, they’ll need that time-sensitive verification code that’s sent to your phone or authenticator app.
To set up two factor authentication for your Instagram account, head to your profile and click on settings. From there, select security and then two-factor authentication. Tap Get Started and follow the instructions.
Despite this, it’s important to note that 2FA does not make your Instagram invincible against hackers - it can be bypassed, so don’t get complacent. For example, we spoke to Jessica Wenjia, a content creator with 180,000 followers, whose Instagram account got hacked even though she had two 2FA set up. The hacker used social engineering to dupe Jessica into providing her verification code, and soon after she was compromised and being held to ransom.
Click here to read our full interview and learn from Jessica’s mistakes.
4. Use a password manager
A password manager works like a centralized vault that stores all of your login credentials. Instead of remembering each one individually, you only have to provide the master password for the management tool. The password manager then autofills the login details as long as the domain is legitimate, allowing users to log in safely with minimal hassle.
A password manager is a great security tool to protect your Instagram account against hacks: let’s say you fall for a phishing email and you click on a link to a bogus website that looks exactly like Instagram’s login page. The password manager works like your final piece of armor, because it recognizes when the URL of a website is unfamiliar and will give you a heads up.
You might be interested in: The what, why and how of social media insurance
5. Get Instagram insurance
Even with all of these security best practices, you can never protect your Instagram account 100% against hacking attacks. Testament to this is the fact that an account gets hacked every 10 minutes in the U.S alone.
From lapses in concentration on your part to new and sophisticated hacking tactics, criminals will continue finding ways to steal accounts. That’s why business-savvy creators and business owners should protect their accounts with specialized insurance against hacks.
Notch is the first insurance for social media accounts against hacks. We provide:
- Real time monitoring of your account and instant alerts about suspicious activity
- A financial safety net if you get hacked, with daily payments to cover your loss of income
- A dedicated team helping you retrieve your account
How to recover a hacked Instagram account
If you want to know how to get back a hacked Instagram account, there are a few steps you can take. However, know from the start that there is no magic formula and it can often be a slow and hopeless process - so don't have high expectations.
In fact, we've spoken to hundreds of people who've tried going through Instagram support forms for hacked accounts, and most of the time they say Instagram takes them on an endless loop that leads nowhere.
According to Instagram's support page for hacked accounts, the first step you should take is to check your email account for a message from Instagram. If you've been notified by firstname.lastname@example.org of a change to your email address, you can select “revert this change”.
If this fails, Instagram then suggests you request a login link.
But hackers will typically change the email and phone number associated with the account and set up their own two-factor authentication, so these steps rarely work. Keep reading to learn the alternative method that has seen more success.
How to recover a hacked account through Instagram
Photographer Jared Quackenbush shared a method that worked for many victims of Instagram hacks: reporting the hack while verifying your account with a video recording of your face.
If you want to submit a video of your face to verify your account, here is the 11-step process:
- Go to the Instagram login page and type your username
- Tap on “Forgot password”
- Select “Need more help?”
- Choose the account you want to verify
- When you get the prompt, choose to receive recovery code via text message
- The hacker has likely set up 2FA at this point so you’ll be asked for another code
- On this same screen, tap on “Try Another Way”
- Tap on “Get Support” and select the optioned labeled “My Account Was Hacked”
- Select “Yes, I have a photo of myself in my account
- Type in your email address and tap on “Submit”
- You should be met with a selfie video recording, so follow the instructions and you’ll get contacted by Instagram within 24 hours (usually occurs right away)
This verification system only works if you’ve posted pictures of yourself recently, and because it’s powered by AI, it has some limitations - for example, if your picture has a filter, it may not recognize you. But this 11-step process has helped many people retrieve their hacked Instagram account, so give it a try.
What to do if Instagram isn't helping you recover your hacked account
If you've had no luck going through Instagram support to restore your hacked account, there are a few last resorts.
Scour your network and try to find a connection with someone who works at Meta / Facebook. If you're lucky, you'll find an employee willing to help.
If that doesn't work, don't give up with the 11-step account recovery process - you might get a breakthrough out of nowhere a few months down the line.
Why you need Instagram insurance
Getting hacked is a nightmare for creators and business owners. The retrieval process is painful, slow and often hopeless.
Which is why having a team on your side, fighting your battle, is such a game-changer when you get hacked.
Notch's policyholders get 24/7 assistance from a team of account recovery experts. At the same time, Notch policyholders receive daily payments to cover their financial loss of being locked out of their account.
Constant vigilance: Protect your Instagram account from hackers
To summarize, to protect your Instagram account from being hacked you need to do the following:
- Educate yourself about phishing tactics
- Cross reference emails via your Instagram security settings
- Set up Two Factor Authentication
- Use a password manager
- Get Instagram insurance