If you want to avoid being “hacked” on social media: don’t trust the direct message from your friend offering money or jobs. And do not send anyone a link that you had to request from Instagram, Facebook, or the like… Especially your bank! Want to understand how people are getting locked out of their accounts and what you can do to keep yourself safe? Keep reading.

Your Friend Probably Didn’t Get Hacked, They Got Tricked

It started when my friend had an Instagram story that read something like, “I know the holidays are hard…” and proceeded to offer the next 10 people $1,000 in exchange for being an ambassador for CashApp. The internet is home to “if it sounds too good to be true: it is.” But I was curious.

The scammer was good. They proceeded to tell me the steps I needed to take to verify my Instagram account with CashApp. It sounded believable, but I realized that the “link” I was sending them, which came to me from Instagram, was a way to log into my Instagram account without having my password. From there, my “friend” would be able to change my password, the email associated with my account, and effectively take over my account.

There have been a few versions of this scam ever since. I’ve lost many friends to the CashApp and Bitcoin pretenders. Some were able to recover their accounts, but not without stress.

I think that in this case, when texting users a security login, Instagram could include the text: “Do not send this link to anyone. It provides access to your Instagram account.” That would prevent a good chunk of these “hacks.” Still, as users we have to be more proactive about our internet security.

Rules to Avoid Scams, Hacks, and Phishing

  1. Do not provide your login information to anyone online.
  2. When a site you have an account with sends you a link or a passcode, do not share that information with anyone!
  3. If your friend is encouraging you to try something, ask them something only they would know. The more this “friend” talks to you, the more apparent it becomes that you may be talking to a stranger pretending to be your friend to scam you (and others).
  4. Double-check the sender’s email address before following links. For example, Facebook scam emails are designed to look like they come from Facebook. The sender’s domain will be close, but not @facebook.com.
  5. Double-check URLs before entering any login information. In the Facebook scam, links were provided in the email and the webpage looked like Facebook’s homepage. When the user entered their information, the hackers could see it. This practice is called phishing.
  6. Enable two-factor authentication on any account you have with that feature. Two-factor authentication provides an extra layer of protection should someone gain access to your password.
  7. Change your passwords frequently and do not use the same password for multiple accounts. If you have difficulty remembering passwords, or share accounts that multiple people have access to, consider a password application such as LastPass.
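
Rules 4 and 5 come down to comparing the real host of a link, or the real domain of a sender, against the site you expect, ignoring everything that only looks familiar. The following is an added example of that check in Python, not part of the original post; the trusted-domain list and all sample links and addresses are constructed assumptions.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the sites the reader actually has accounts with.
TRUSTED_DOMAINS = {"facebook.com", "instagram.com"}


def host_of(value: str) -> str:
    """Return the host of a URL, or the domain of an email sender."""
    if "://" in value:
        try:
            # .hostname drops any "user@" prefix and ":port" suffix, so
            # "https://facebook.com@other.example/" yields "other.example".
            host = urlsplit(value).hostname or ""
        except ValueError:
            host = ""  # malformed URL: treat as unknown
    else:
        # parseaddr discards the display name ("Facebook <...>"), which the
        # sender chooses freely and which proves nothing.
        address = parseaddr(value)[1]
        host = address.rpartition("@")[2]
    return host.lower().rstrip(".")


def is_trusted(value: str, trusted=frozenset(TRUSTED_DOMAINS)) -> bool:
    """True only for a trusted domain itself or a subdomain of it."""
    host = host_of(value)
    # "Close" is not enough: the host must equal the domain or end in
    # "." + domain. Lookalike spellings and prefixes fail this test.
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed samples; the .example names are reserved for documentation.
SAMPLES = [
    "https://www.facebook.com/login",
    "security@facebook.com",
    "https://facebook.com.account-check.example/login",  # trusted name as prefix
    "https://facebook.com@account-check.example/login",  # trusted name as username
    "Facebook <security@facebook-com.example>",          # display name only
    "https://f\u0430cebook.com/login",                   # Cyrillic lookalike letter
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "trusted" if is_trusted(sample) else "NOT trusted"
        print(f"{verdict:12} {host_of(sample):40} {sample!r}")
```

Only the first two samples pass; the other four each contain the text “facebook” but resolve to a different host.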