I was hacked and lost my IG account. A very disappointing experience and I see it happen to so many friends. So here is how I was hacked and some ways you can learn from my mistakes.
Anatomy of a hack
1. Anatomy of a hack ...
What you need to know
… How you can learn from my mistakes
2. Background and Context
• As many of you know my Instagram Photography account was hacked
• I thought I knew what to do, and what not to do BUT I too got fooled
• This is what happened to me …
• Step by step … so you can learn from my mistakes
3. July 17 – I was hacked
• It took all of 10 minutes …
and years of social media content,
all my contacts, conversations,
followers … POOFed
• They seemed to think I was a
“business” and hence I would pay
to get it back
4. Those early steps …
• I was outside doing BBQ for the
family, not really paying attention to
my phone
• A “Hello” message pops up from a
model I photographed a while back
• She wants to know if I sent her a
“strange screen”.
• “No I did not!!” I replied,
“do not click on it – it’s likely a virus”
• She wanted to know if I’m getting
them too
5. The Big Mistake …
• I explain “I’m fine”, but then get a
text message that indeed seems
funny
• I report it as spam, and delete it.
• Tell her I just deleted a funny message,
BUT I never clicked on it.
• She gets another and so do I, asks if
we are getting the same message
• I send her a screen shot - MISTAKE
• It looks like a partial message ending
in “…”
BUT it had enough for the hacker to
retype the link and use it !!!!
6. In Retrospect …
• I knew not to click on anything
• And I sent “her” just a graphic with
no active link !
• Plus when I look back it seems that
the link is incomplete
• YET – it seems the hacker had
enough to reconstruct the link and
use it.
• By now we are having dinner and
this chat is behind me
7. All within 10 minutes …
• As we ate a series of messages were
sent to my email…
• Your password was changed
• A login happened from a new device
in Port Harcourt, Nigeria !!
• Two-factor authentication is
enabled
• Your email was changed to
verifyg080@gmail.com
8. An hour later I see these messages
• Sensing something is happening I’m
wondering what’s up
• My phone is getting a pile of texts
with a “recovery code”
• This “model” is now asking if I have
gotten these 6 digit codes and can I
send her a screen shot so she can
compare them to hers
• Alerted, I check my emails and see
what’s happened
• BUT clearly the hacker still needs
something and keeps messaging
9. Trying to recover …
• I can’t log into my IG Photography
account, but my other two
OttawaPhotographyMeetups and
@OttawaModelManagement are ok
• I check my Facebook and change
passwords on all my other accounts
• With the help of a friend we find the
online guide of what to do and it
says to go to the original email and
click …
“REVERT THIS CHANGE”
10. BAD Documentation
• PROBLEM …
there is no such link in the email
• The only link is Secure Your Account
and that leads back to the previous
page of help text saying we should
click …
“REVERT THIS CHANGE”
11. Next Tack ??
• The next suggestion is to
“click forgot password”
• This sends a message to the hacker’s
e-mail (since they changed it)
• I get nothing but a new barrage of
texts from the hacker saying they
can see me trying to access the
account … Do I want it back ????
• So I use “try another way” and
request a code to my phone.
• That moves me to the next step,
BUT before I can reclaim the account
I need to enter the hacker’s
2-factor authentication code !!!
12. Must be a better way to get it back…
• All my IG accounts and my
Facebook are linked together
• When I’d log into one, I’d have access
to the others, but now it appears
there is the concept of a
“Meta Account Center” that controls
which accounts can log into which
other accounts.
• Not sure why the Hacker didn’t or
couldn’t use this to get to all the
other accounts, but they detached my
hacked account from my Account
Center. Yet Facebook still sees the hacked
account as my main IG business account.
So I can see if the hacker messages anyone
pretending to be me
13. One more possibility ??
• IG Documentation says you can
reclaim your account if you take a selfie
video and submit it. They compare
your selfie with the IG account images
and see if that is really you.
• Well I tried, because the profile pic on
Facebook is me, but my IG account
was for photography and all the
images there were of other people I’d
photographed.
Dead End
14. Try, try, try … or start again ?
• I asked all my friends to report
@MikeGiovinazzoPhotography was hacked
• Reported @MikeGiovinazzoPhotography as
impersonating me
• We finally found buried in the IG app a place
to REPORT A PROBLEM
• So I prepared an outline of what happened
and included the screen shot of all the emails I
got within 10 minutes with the password
change, Nigeria login, new 2FA, changed
email.
NOTHING HAPPENED !!!!
NO REPLIES !!!
So now what – start again ???
15. Worried About Others
• I now use Facebook to monitor who
the hacker might target next by
impersonating me
• I also alerted everyone I can using
Facebook personal account,
business account and my other IG
accounts.
• FUNNY – as soon as I used the word
HACKED on Facebook a pile of people
who do not follow me and are not
my friends MAGICALLY appeared
sending me links to hackers who in
turn would recover my account.
Yeah !! I ignored these
16. Stalemate ?
• So my Facebook page remains
linked to my Hacked IG account
• I can see anyone who comments or
messages me on the old account
• It is even possible to message them
back via my Facebook Business Suite
inbox
• If I do that the Hacker would see I
still have partial access to the
account, but I suspect they know
because they are still pestering me
for the 6 digit authentication codes
being sent to my phone.
17. What are they missing …
• The hacker starts texting me
looking for the 6 digit codes being
sent to my phone
• Clearly they are still missing
something
• Then I get similar messages to my
eMail
• Finally they use my cell number and
start sending WhatsApp requests
I think they still want to detach my cell
from the hacked account and/or
detach my Facebook account
18. In the end …
• I just gave up on Meta – they do not respond to hacks and for whatever reason do not care or
just do not have the resources to investigate
• I started again and created @MikeGiovinazzoPhotographer as opposed to
@MikeGiovinazzoPhotography
• I started re-adding friends to IG (but slowly, because when I tried to do too many IG said I was
abusing a feature and would “suspend my account” ???)
• I renamed my Facebook account to match my new IG account
• I have yet to somehow link my new IG with my Facebook photography page
• There are still 1000’s of images linked to my hacked account and some still are tagging me using
the old IG so I never see those images
• It’s a bother for everyone to retag older images so I have to learn to let go.
PLUS searches still find the old IG so new people looking for me sometimes go to the wrong
place.
• Ideally I could get the old account reinstated or deleted altogether to avoid confusion
19. Lessons Learned
• Most hacks start with the most innocent “Hello” from some account you know
• If the messages seem out of character, check with that person VIA ANOTHER
channel such as a text, phone call, email, different social media app …
NEVER ask the HACKER “are you real?” If necessary, challenge them with
something they would not know (Where did we meet? When did you last see me?)
• Turn on 2-factor authentication. Yes it can be a pain but if you have a limited
number of trusted devices it is manageable.
• NEVER click on a link someone sends you. Even if you know them and the
message is innocent (This is funny, You’ll love this, Is this really you, …)
• Do not share anything from your phone, not even a screenshot