/ 20 December 2022

Hacked in a nano-second

Stick Up
Hijacking on all social media platforms rose an estimated tenfold in the last year, with Instagram users bearing the brunt of this scourge. Image: Pexels

This heist along the information superhighway surprisingly took less than a minute. On some level, I suppose it was bound to happen, what with so many people I knew falling victim to similar unscrupulous tactics. But in the dark recesses of my mind, that was always something that happened to other people.

I’ve experienced a rollercoaster of emotions since then, grappling with a situation thrust upon my rather unsuspecting self. Forget the five stages of grief, let me distil for you the five phases of a digital stick-em-up. It’s real and happens in a heartbeat, so jot down a few notes.

The approach

As a newly inaugurated member of the “Hackee Circle”, I’m convinced that the true art of hacking lies in the innocence of the initial approach. An innocent and equally artful message needs to be carefully crafted, much like a content creator planning a dance routine on Tik Tok, with the audience (you and me) front of mind. 

In my case, I received a direct message (DM) on Instagram from a friend who I did not know had been hacked. The message warmly shared that she was starting a clothing line and wanted to add me to a WhatsApp group to share in the journey (ok, I added in that last bit about the journey, but see how convincing I found the message to be?). The message was within the realm of reality; she is a creative, so branching out in this new direction is something I could easily imagine her doing. What didn’t stack up though, was the persistence with which she kept messaging me.

That, and, why would I need to receive a link via text message to share with you on Instagram just to add me to a WhatsApp group? This comes back to how feasible the message was initially. If you had already downed the kool-aid, as I had, you wouldn’t question what was going on.

Compromised: The author’s hacked Instagram account now shares posts for bitcoin. Image: Ryan Enslin

The hack

So, there I sit waiting for a text message from Instagram containing some or other link I’m still unsure about. The hacker persists with DMs: “Did I get the link?”, “Should a new one be sent?” and “Thank you so much for doing this.” 

I actually started to type a WhatsApp message to my friend to tell her that I was on a deadline and she needed to back off, but then the much sought-after link pinged on my phone. I stopped typing and erased the draft message. Bad call on my part.

I sent the link off.

Nano-seconds later, a sinking feeling enveloped me. The text message and link was a password reset link for my beloved Instagram account. Which I had happily forwarded to someone else. The reality of the situation hit and it was super kak. 

A major case of self-disappointment set in. Why had I not trusted my instincts and confirmed with her via that separate WhatsApp message? Why did I not stop and evaluate what was going on, especially as the all-important text message from Instagram contained a disclaimer not to share it? Why?

But it’s gone. I found myself logged out of my Instagram account, innocently I tried to log in again, but the platform told me the password, one I’ve had for years, was incorrect. The feeling of disappointment continued. It’s actually rather embarrassing what I allowed to happen to me.

The Instagram connection

Amidst ever-increasing bouts of self-loathing, I send a message to Instagram via another account, one that still belongs to me, and report the hacking. Rather quickly they send me a message indicating they can help, but that I need to verify myself via some strange video feature. Ultimately, it served no useful purpose and my account remains the property of someone else.

What really gets my goat is the simple fact that in a matter of less than a minute my Instagram password, email address, cell phone contact number and device used to access the account, were all changed. Then, ridiculous posts about me making money from Bitcoin were published to my feed and innumerable DM’s were sent (and continue to be sent – sorry) with a message about being added to my clothing line WhatsApp group.

One would think that in the age of the algorithm, Instagram would see a problem in what transpired that Wednesday afternoon and maybe assist users. Alas, no. 

Secondary scammers: Prepare yourself for a second round of spam once you’ve been hacked, it goes a little something like this. Image: Ryan Enslin

The ‘let’s fix this’ scam

As my emotional state continued to fluctuate like the contents of a young child’s stomach on a late afternoon Anaconda ride at Gold Reef City, I posted a message to my Facebook account to let people know what was going on.

I think the hackers, and those of their ilk, were expecting this. The use of words like “hack” and “Instagram” in the post (how else do you explain a hacking on the platform?) sparked a second round of invasive spam in the form of comments to the post. Each one suggested this person or that person who could definitely help get my account back, together with a link to their account. The second wave was relentless and turned out to be nothing more than just another attempt to scam me.

I tried contacting one such person, for some reason still naively believing in the basic tenets of goodness and humanity in others on Facebook. When a “diagnosis” was performed on my hacked account and the fix was, you guessed it, a $540 firewall software package. I decided to tell them where to get off with the use of rather strong language. An Afrikaans expletive or two may also have been used for good measure.

The acceptance of things

Once my emotions began to normalise, I sat down and thought about the situation. Ever the eternal optimist, I believe problems are opportunities, if you just reframe your thinking.

A forced reset had occurred in my life, one which gave me the space to critically assess what I had been doing with my Instagram account and how I could broaden my vision and approach going forward. Plus a challenge was set for me to build a new account. So I opened a new Instagram account (I’m now @My_Lime_Boots), but I’m still pissed at the invasion of my digital space. Let’s see where this journey takes me.
One thing I am most happy about from this sad state of affairs is that, following the hacking, I have spoken to so many people I haven’t had contact with in years (thank you for all the messages telling me that my account has been hacked). Sad that it’s taken a social media platform failure to orchestrate, but I’ll take it as a win against the algorithm.

Fresh start: The author’s new Instagram account, note the dreaded underscores and all those zeros. Image: Ryan Enslin