How to protect yourself from phishing and hacking on Instagram

The COVID-19 pandemic has changed the way we meet with friends, watch concerts, or exercise and watch movies, making platforms like Instagram the space where we can feel close to the people and things we love in a context of work from home and social distancing. With streets empty and people heavily relying on the internet for all aspects of life, scammers, like everyone else, have also intensified their activity on platforms.

Phishing and hacking scams are not part of the list of new things brought by the virus – they have been around since the early days of the internet. But the tactics used to evade the protections put in place by platforms and websites to protect users are constantly evolving.

One of the tactics currently used by scammers, for example, is to contact users through DM with suspicious links in an attempt to gain control of users’ accounts, steal data and make more victims of scams.

Also, when scammers manage to take over verified accounts, they generally change the account name and bio information to suggest an affiliation with Instagram – for example, “instagramsupport” – and try to take control of other accounts.

There are ways, however, to prevent this from happening – and we would like to share with you the top tips on how to keep your account protected and stay away from scams. They can be found listed below or on a series of three videos we did with SaferNet, an internet rights organization in Brazil.

At Instagram we take the security of our community very seriously and we are constantly improving our systems to better detect and prevent this and other types of bad behavior on the platform. We also know that losing access to your Instagram account is a distressing experience, but in case it happens to you we have ways to help you recover it.

And please feel free to share this blogpost and the videos with your friends and family to help them also protect their accounts.

• Enable the two-factor authentication for extra security for your account. It offers additional security to ensure that even if someone knows your password, only you can access your account. Two-factor authentication can be done by codes sent by SMS or by a third-party authentication application (such as Duo Mobile or Google Authenticator).
• Choose a strong password: a combination of at least six letters, numbers and punctuation marks.
• Revoke access to third party applications. They can expose your login information.
• Do not share your password with people you do not trust.
• Instagram never communicates with users through Direct and all communication made by Instagram via email can be confirmed in the app, in Settings > Security > Instagram emails.

Always be suspicious of:

• Messages on Direct or in other messaging apps claiming to be from the Instagram team, asking for your data, or indicating a link for you to click on, or asking for you to share the code received by SMS (if you have two-factor authentication enabled).
• Links sent by accounts that claim to be from Instagram or another brand which you have recently interacted with.
• Messages that seem to come from a friend or company you know asking you to share information such as your mobile phone number or banking data in exchange for discounts, promotions or vouchers for services or consumption.
• Accounts that claim to represent large companies, organizations or public figures, but are not verified.
• Small or medium businesses with private profiles, without comments in their publications.
• Accounts that claim to be from the Instagram security team asking you to provide your account information (such as username or password), offering verification badges, or warning that your account is about to be removed for violation of Instagram’s policies.
• People asking you to transfer the conversation to a less public or less secure environment (like a separate email).
• People who ask you to pay a fee so that they (or you) can apply for a job
• Known or unknown people who ask you for money through Direct.

For more safety tips visit the Instagram Help Center. If you see something that you believe is a scam, avoid responding or interacting with it and report it to Instagram immediately. Instagram does not share your information with the account whose content or profile you are reporting.