News
Hackers and impersonators on the prowl on Instagram
“Is this you?” – was the repeated message in the inbox folder that 22-year-old Piyumi Wattuhewa woke up to one morning.
“There were scores of messages from friends–some asking me if I had created a second Instagram account, and others, rightly telling me that someone had created a fake account in my name.”
Many Instagram users have lately found themselves victims of cyber impersonation and hacking in a series of scams involving cryptocurrency, forex schemes and other disinformation campaigns.
“I wouldn’t have known about it if my friends hadn’t told me because the fake account had blocked my account from it,” she told the Sunday Times. The impersonators had managed to feign authenticity on the fake account by copying Piyumi’s bio and using the same pictures that she had posted on her account going back a few months. “If you scrolled down you could see there weren’t any more photos but to the unsuspecting eye, at face value, that was quite convincingly me.”
The impersonator had texted Piyumi’s followers through the fake account with a link to a forex dealing scheme. Those that click on the link would be redirected to a website where they would then unwittingly be made to enter the details a hacker would need to log in to their account. “One of my followers clicked on the link the imposter had shared and their account got hacked – they’re locked out of their account right now and trying to get it back,” she said adding that thankfully, most of her friends had not engaged with the impersonator or clicked on any links.
“I reported the account and then asked everyone I could, to report it too,” noted life coach Yasodhara Pathanjali who was also impersonated online. Yasodhara has 11,000 followers on Instagram, vital component of her work – ‘I felt really vulnerable because we don’t think about how exposed we are in a lot of ways.
Most impersonators get away by making an account with the last 6-10 posts of the victim’s account and recreating the same bio with the same profile picture. Another method is by setting up a username that’s almost the same as the original account but with an extra punctuation mark or a letter, something that might not come under a duped Instagram user’s radar until it’s too late.
However, Meta, the parent company that Instagram, Facebook, and WhatsApp fall under allows for an account to be reported for impersonation which makes it easy to lock fake accounts out.
A hacked account on the other hand is harder to recover. “It took me eight days of proving my identity to Instagram with my personal identification documents via Facebook to get my account back,’ noted 20-year-old cybersecurity student Rasal Jayasinghe.
Rasal is to date unsure of how his account got hacked but claims that he most likely forgot to log out of another device he had logged into his account with. Rasal’s hackers had posted terrorism propaganda, which violates Instagram’s community guidelines. Rasal lost 6000 followers from his account as a result of the hack.
“It was a rollercoaster of emotions but I basically had to do a video authentication for Instagram and they gave me a link for me to log back into my account with,” noted 22-year-old investment advisor Mark* (not his real name). He had received a follow request from a friend’s account (an impersonator account), which he accepted. He had then received a Direct Message from the said friend which claimed to be attempting to “retrieve his account.” “Since I knew my friend, I didn’t think much of it when a link was sent to normal messages which I was just supposed to copy back and send to this person that I thought was my friend.”
What the hacker was doing in this instance was using Mark’s username and then the “forgot password” option of an Instagram login. Once the forgot password process is started Instagram sends a reset link to either the registered user’s phone number or email address which can then be clicked on to begin the process of changing the password. When Mark sent the impersonator account this link, they then had everything they needed to change his password and gain access to his account.
“Just a few minutes after I sent the link I started to get calls from my friends saying the account has gotten hacked,” he told the Sunday Times adding that he had lost access to his own account at this point since the hackers had changed his passwords and logged his account out of his devices.
The hackers had then proceeded to post pictures off Mark’s Instagram as his supposed wallpaper with an edited notification from his bank which supposedly claimed that RS. 1.9 Mn had been credited to his bank account. The post claimed that he had earned these big bucks from a crypto scheme that the hackers were trying to advertise.
While most Instagram users are not susceptible to scams, accounts of influencers that have large followings carry a risk. One Instagram influencer with close to 15,000 followers and who was recently hacked said one of his followers had fallen for the crypto scam and invested money in it.
Users are advised to avoid clicking on links sent through DMs, avoid investing money in unverified investments, and to follow general security guidelines to ensure that their information is protected.
 Most impersonators get away by making an account with the last 6-10 posts of the victim's account and recreating the same bio with the same profile picture | |
Securing your Instagram Account: Advice from the Instagram Help Centre
|
The best way to say that you found the home of your dreams is by finding it on Hitad.lk. We have listings for apartments for sale or rent in Sri Lanka, no matter what locale you're looking for! Whether you live in Colombo, Galle, Kandy, Matara, Jaffna and more - we've got them all!