How to Prevent your Author Instagram (or Bookstagram) from Being Hacked

Turn on Two Factor Authentication ASAP

One of the popular blog posts I’ve written was on Backup Best Practices, and I wrote that one because it made me cry to see so many writer friends lose their work. Today, I’m seeing too many lose the following they’ve spent years building on Instagram.

PSA of the day: If you haven’t turned on two-factor authentication on your account, do it now.

** Special Note: recently my phone was stolen, and it brought home the importance of having backup codes if you are using Google Authenticator. If you lose your phone, you cannot access your Google Authenticator app and get codes on another device, which means you could be locked out of your social media or other accounts where you used two-factor authentication.

I put this off for ages, but in the last week I’ve seen 5+ authors and bookstagrammers with 5,000 to 10,000 followers get hacked.

And unfortunately, if your account is hacked (I don’t mean copied or cloned, but someone has gained access to it), then you as an author have little recourse. You will not get a response from Instagram help, and you will lose your account. Honestly, I believe Instagram help is just overloaded, but it's sad to see many authors and bookstagrammers end up stranded.

So author and bookstagram friends, if, like me, you’ve put off turning on two-factor authentication, here’s a quick Q and A on what it means and why it’s needed.

Why / how are all these author Instagram accounts getting hacked?

The first way: you’ve re-used a password. It’s easy to buy a list of thousands of passwords on the dark web for cheap, then try them on all kinds of sites (same applies to bank passwords — never reuse those).

Think your old passwords aren't for sale? Well, if you’ve ever had Yahoo email, eBay, Facebook, Twitter, Canva, etc., there’s a good chance your old passwords are out on the dark web.

This site has a visualization of the biggest hacks that may have affected you. Any account with one of these means some of your old passwords are for sale.

The second way: you click on a link sent by a friend (most folks are smart enough not to click on links from strangers). That link leads to a login page (the Instagram login page). You enter your username and password and BAM! That page was an identical spoof of the Instagram login page (not the real one).

And now the hackers have your credentials. First thing they do? Change the password and the email / phone number on the account (more than once). Instagram sends an automated email the first time your email is changed and lets you change it back to the prior one. But if you don't catch that email fast enough, then the email to reset your password is now going to a new address – not yours. And now you’re locked out of your own account.

So what is two-factor authentication?

At the simplest level, before your password can be changed (or the email/phone number on your account), you receive a text to verify it’s you. Or you can use an authentication app like Google Authenticator and enter the code the app gives you (which is constantly changing).

This means that even if someone gets hold of your password, they cannot change it or your email/phone number on record without you approving first.
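How an authenticator app arrives at its constantly changing code, as an added example that is not part of the original post: this sketch implements the standard TOTP algorithm (RFC 6238) that Google Authenticator uses, with the RFC's published test key standing in for a real account secret. The code is derived only from the secret stored on the device plus the current time, which is why a lost phone without backup codes means a lockout.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # a new code every 30 seconds (the common default)
DIGITS = 6         # length of the code shown in the app


def totp(secret_b32: str, unix_time: int, digits: int = DIGITS) -> str:
    """Return the code an authenticator app would show at unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = unix_time // STEP_SECONDS  # which 30-second window we are in
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Service-side check; `window` tolerates clock drift of a few steps."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return True
    return False


# Constructed sample input: the RFC 6238 test key, never a real account secret.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    t = 1111111109                      # a timestamp from the RFC test vectors
    code = totp(SECRET, t)
    print("code shown in the app:", code)
    print("accepted right away:  ", verify(SECRET, code, t, window=0))
    # Two seconds later a new 30-second window has started and the code changed.
    print("next window's code:   ", totp(SECRET, t + 2))
    print("old code, strict check:", verify(SECRET, code, t + 2, window=0))
```

A stolen password alone does not contain the secret, so it cannot produce a valid code; backup codes are the fallback for when the device holding the secret is gone.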

How do I set up two-factor authentication?

To me, this piece from Business Insider is the easiest to follow, with pictures:

How to set up two-factor authentication on Instagram.

The post is from 2020, but having just set it up myself, it still looks correct. FYI, I chose to use Google Authenticator – you have to select other options at one point to not default to the Apple option.

Here’s Instagram’s own article on the topic.

What if my author Instagram account has been hacked?

I wish I had a better answer here, but here’s the best information I’ve seen (and if you have something better to add, please feel free to put it in the comments!). 

First off, move fast! Like in minutes, not hours. 

Consumer Reports did this great article:

What to Do If Your Instagram Account Gets Hacked.

The biggest point – if you can catch the email that comes from Instagram the first time your password is changed, that is your point to stop the hack. You can ask to revert back to your prior email address, and log everyone you don’t recognize out of your account and change your password.

Miss that first Instagram email and your chances of getting your account back are low.

Here’s Instagram’s official help doc. But the issue is that step where you send in a help request? Right now (May 2022) Instagram simply isn't responding.

Also, all the sudden random offers of help you get if you post on social media are just another layer of scammers: "I know so and so, they can fix this for you." Don't fall for these!

What do the hackers get from this?

The short answer is you've spent time to build trust and legitimacy with your followers on Instagram. They are trading on that trust.

When you recommend a great bitcoin investment, or offer a service at a low price (ching ching send the money via Venmo!), or send a link, your followers say “Oh, I know Lainey, I should click, learn more, send a low dollar amount, consider that thing she’s recommending.”

I know it sounds unlikely you’d ever fall for it until it happens, but the messages they send are a lot smarter than the age-old “I’m in the hospital and need money” or “I’m a Nigerian prince” from the early 2000s.

Saying that, if you haven’t read this list of The Most Common Scams Today (and how to avoid them), I recommend it. Also get a password manager so you can have unique passwords on every account (yeah, I know it's a pain!).

Anything I should add or clarify?

Got tips or ideas for other authors? Feel free to add in the comments!

Was this helpful? (I hope so!) You can also always show appreciation by checking out my award-winning novel, The Exit Strategy, or you can buy me a coffee (like many authors, I do run on caffeine lol!). Or even better, pass it forward by helping another author!