What 2 do: Russian email hijacks your Instagram account
Jason Cox, with Dynamic Quest, says hackers can access your account through a database, but he also says it could be as easy as guessing your password.
GREENSBORO, NC – Hackers can be relentless, but there are ways to better protect your social media accounts.
WFMY News 2 reporter Erica Stapleton began investigating the matter after her Instagram account was taken over by a Russian email address ending in .ru. This is an issue that many others have learned about online, and it is a threat that could affect you or someone you know.
According to Jason Cox, Security Practice Manager at Dynamic Quest in Greensboro, the best way to protect your accounts from hackers is to enable 2-factor authentication.
“If you haven’t enabled 2-factor authentication, it’s a matter of them knowing something about you and being able to compromise your password,” he explains.
Cox says hackers can access your account through a database, but he also says it could be as easy as guessing your password. Lots of people will use animal names, colors, seasons, or something they like. Without knowing it, you might even post clues about your interests on social media. He adds that a lot of people use the same password for different accounts. Once a hacker sneaks in, they can gain access to more than you expect.
“The danger is that they can potentially access your bank account information,” Cox explains. “They can use it to attack other people. If they have your email information, they can use it to essentially assume your identity, and then use it to potentially phish information about other people as well.”
Cox says he sees a lot of email scams happening this way.
“Spear phishing targets a certain group of people. It’s not the old ones where people have all these typos and they’re just throwing them at the masses, although they’re still there.”
The bottom line here is to be careful what you click and what you post. You need to enable 2-factor authentication for all your accounts and devices. Cox also recommends changing passwords regularly and using what he calls a longer “passphrase”, such as a sentence, which is harder to guess.
“It’s much cheaper to protect yourself and have that little extra step of inconvenience than having to deal with the recovery after the fact.”
In Erica’s case, she realized that Instagram had sent her an email asking whether or not she allowed the new Russian email address. From there, she was able to reverse the change and regain control of her account. But not everyone is so lucky. Cox says that sometimes, if the hacker takes full advantage, you’ll have to prove to the social media site that you are who you say you are, which isn’t always easy.
“It’s all about identity,” he says. “You have to be able to prove that you are who you say you are and that is why taking these steps up front is the most important thing you can do.”
WFMY News 2 reached out to Instagram about the situation and asked what someone should do if they are unable to recover their account. In an email, a company source referred us to their procedure on hacked accounts.