Californian blogger Elise Armitage quit her corporate job at Google in 2019 to chase her dream of being an entrepreneur. Since then, she's been able to massively grow her blog and Instagram, racking up over 120,000 followers and turning her content into a full time job. However, her world came crashing down when her Instagram account was stolen by a hacker. Suddenly, a major source of Elise’s income was gone and her life as an independent creator was thrown into jeopardy.
We spoke with Elise to get her full story - from how exactly she got hacked, what she did after being held to a ransom, and her security advice for other creators.
What The Fab’s journey: from hobby to full time job
“I started What The Fab in 2012, and since then I’ve been blown away by how much the influencer landscape has changed. Blogging has always been a passion of mine that I feel so lucky that it’s my full-time job. Since leaving my corporate job at Google in 2019, I’ve continued to chase my dreams of becoming an entrepreneur. Now, I’ve expanded What The Fab to becoming a 6-figure business and just launched an SEO course.
My Instagram is a full-time job and I definitely view it as a business since I use it as a way to work on sponsored campaigns. But you’ll still see me posting for fun and sharing all my travel photos.”
Instagram hacked: How it happened
“It happened on a Friday morning, I was trying to jam through a few emails that had been sitting in my inbox unattended to the last couple days. One of them was an email from a brand, asking what my rates are for an Instagram collaboration (the name of the brand was that of a real brand, and I found out later the hackers have been using several different brands and their Instagram names in these emails).
This is a really typical email that influencers receive daily. I scanned it quickly, clicked the link to the brand’s Instagram page to check out their aesthetic, and responded back with my rates. I was not asked to log into my Instagram account and enter my password and username (other influencers who received a similar phishing email were prompted to log in), but I was already logged into Instagram on my browser”.
The horror of getting hacked - even with 2FA set up
“It’s basically every influencer’s worst nightmare—to have your Instagram account hacked. And while I take a couple of precautions with my account like enabling 2-step verification and occasionally changing my Instagram password, I never actually thought it would happen to me.
The feeling of panic and nausea that swept over me when I received an email from the Instagram hackers telling me what had happened was so strong, that I thought I might pass out.”
"While I take a couple of precautions with my account like enabling 2-step verification and occasionally changing my Instagram password, I never actually thought it [getting hacked] would happen to me".
Red flags: Identifying the scam in hindsight
“Looking at the phishing emails in hindsight, there were three signs I should have spotted and will now be paying close attention to in emails going forward:
1. The email address
The first sign was the email address firstname.lastname@example.org. If they’re not emailing you from an address associated with the company’s domain, it should go straight into your spam. It’s just not worth the risk.
2. The link to Instagram
The second sign was the link and how it ended with photo_135. While the Instagram link at first looked legit to someone rushing through their inbox, looking back on it I realize that Instagram links do not get shared in that format.
When you directly link to an Instagram photo, it looks something like this: https://www.instagram.com/p/BlgQs5dAsjZ/?taken-by=wtfab when linking through a desktop, or this: https://instagram.com/p/BlgQs5dAsjZ/ when linking through the app.
3. The URL inside the link
The third sign was the URL when I hovered over the link. This is the most important part, and where the key to learning lies. If you look at the screenshot, the link looks like an instagram.com URL. However, if I had taken the time to hover over the URL, I would have seen https://lindagram.ru/sheikeandco/ at the bottom left of my screen, which is obviously some phishing link”.
The aftermath of getting hacked on Instagram
“I immediately tried to open up Instagram to change my password but received a notification that I had been logged out of my account. When I tried to log back in with my credentials, my username, email address, and phone number were all unrecognized and no longer associated with an Instagram account. The hackers had changed everything associated with my account and log in, and there was no possible means of recovery. I was completely locked out.
I immediately texted a girlfriend of mine who works at Facebook asking for her help. An internal security ticket was made, but no one responded to help. I also started researching in Influencer Facebook groups, and I saw that this exact same thing was happening to other girls in the group too. Some girls got lucky and got their accounts back, but others like me were asking for help on what to do”.
A Bitcoin ransom
“I ended up paying the ransom, but I don’t recommend doing this, as I’m hearing more and more people paying the ransom and still not getting their account back. They wouldn’t accept any form of payment other than Bitcoin (I tried to get them to agree to a wire transfer, and they gave me a half-complete address of a bank in Ukraine that wasn’t going to cut it). I thankfully have a cousin whose husband is super knowledgeable in Bitcoin and asked if he could send the Bitcoin to hackers on my behalf. This led to a four-way call with my cousin, her husband, and his friend who had Bitcoin readily available (shout out to Greg for coming through and helping a stranger out!!). Finally, 4 hours later they sent me my log-in information”.
Lack of support from Instagram
“I went to Instagram’s help center, which was absolutely useless. There is absolutely zero support for someone who has been hacked. There is no one to reach out to, and their best advice, if you’re unable to log in, is to make sure you’re typing your email address or username correctly. They do have a form you can fill out so that they can “hear about your experience” if you think you’ve been hacked and are still having trouble logging in. Not exactly helpful in a time of crisis. I submitted my info to that form and never heard back.”
A message to other creators - be vigilant
“I think it’s every content creators’ worst nightmare. People are definitely cautious and aware, but hackers are constantly coming up with new schemes, so you have to stay vigilant. Watch out for suspicious links and be hyper-vigilant about what you’re clicking. Every month, I have hundreds of people reaching out to me because they came across my blog post about getting hacked, and they’re looking for help”.
"Every month, I have hundreds of people reaching out to me because they came across my blog post about getting hacked, and they’re looking for help”.