Your Friend Probably Didn’t Get Hacked, They Got Tricked
The scammer was good. Proceeded to tell me the steps I needed to do to verify my Instagram account to CashApp. Sounds believable, but I realized that the “link” I was sending them that came to me from Instagram, was a way to log into my Instagram account without having my password. From there, my “friend” would be able to change my password, the email associated with my account, and effectively take over my account.
There have been a few versions of this scam ever since. I’ve lost many friends to the CashApp and Bitcoin pretenders. Some were able to recover their accounts, but not without stress.
While I think in this case, when texting users a security login, Instagram could include the text: “Do not send this link to anyone. It provides access to your Instagram account.” And prevent a good chunk of these “hacks,” as users we have to be more proactive about our internet security.
Rules to Avoid Scams, Hacks, and Phishing
- Do not provide your login information to anyone online.
- When a site you have an account with sends you a link or a passcode, do not share that information with anyone!
- If your friend is encouraging you to try something, ask them something only they would know. The more this “friend” talks to you, the more apparent that you may be talking to a stranger pretending to be your friend to scam you (and others).
- Double-check URLs of email addresses before following links. For example, Facebook scam emails are designed to look like they come from Facebook. The URL will be close, but not @facebook.com.
- Double-check URLs before entering any login information. In the Facebook scam, links were provided in the email and the webpage looked like Facebook’s homepage. When the user entered their information, the hackers could see. This practice is called phishing.
- Enable two-factor authentication on any account you have with that feature. Two-factor authentication provides an extra layer of protection should someone gain access to your password.
- Change your passwords frequently and do not use the same password for multiple accounts. If you have difficulty remembering passwords, or share accounts that multiple people have access to, consider a password application such as LastPass.