There was some Instagram hubbub recently with a very prominent archery brand. I was in Texas at the time, helping a client, so I heard about it second-hand. But the gist of the scenario is the brand’s Instagram account was hacked. Their photos were systematically, and slowly, deleted; their profile photo was changed; and their bio was adjusted to not-very-nice-things.
This is the nightmare of every social media manager.
Like for real, I have bad dreams about this happening to any one of my clients.
However, there are systems available to you to avoid such catastrophic events. I’ll start with the easiest and end with the hardest/most costly.
1. Use Two-Factor Authentication.
If you don’t already have two-step factor authentication set-up on your Instagram and Facebook accounts, please stop reading this and DO. IT. RIGHT. NOW. It doesn’t matter if you have a personal IG account, or a brand account.
- How to do it: On Instagram, go into Settings --> Security --> Two-Factor Authentication. I recommend the texting option. But choose what works best for you.
- If this fails you, be quick about following the steps laid out by Instagram on this help page: https://help.instagram.com/149494825257596
You may be wondering why brands don’t already have this set up. Well, it’s because it is annoying. Let me explain. As a brand, you probably have two to three people who have access to your Instagram account at any given day. You may have to add someone to help with a special project and you can’t just give them your log in information. No, with two-step turned on, you give them the log-in and then you have to coordinate timing of them logging in, so you can give them the code generated, which was texted to the account owner’s phone, so they can gain access to the page.
It sounds silly as I type this – but honestly, coordinating timing is annoying. But do it anyway.
2. Don’t open fishy or spammy emails!
I asked Chuck Rossi, former Facebook employee and currently editor of OpenSourceDefense.Org, for advice regularly when it comes to social media shenanigans. He reminded me that spammy emails are still one of the main tactics hackers use to gain access to your computer, and your data. “The main attack vector of phishing emails on Facebook pages are the things people *really* need to watch out for,” shared Rossi. “I've seen some recently that are really effective and official looking.”
3. Don’t share passwords across sites.
If your email password, IG and FB passwords are all the same, and one of them is compromised, you are, in a sense, screwed.
A friend of mine had her Facebook account hacked recently. They took it over, changed her birthday to a very young age, so that Facebook would never allow her to have a Facebook page, and then proceeded to take over her Facebook Advertising account. They were successful in charging upwards of $1000 on her company card. It didn’t stop there. Her FB and IG passwords were the same, or similar enough for them to access her Instagram, and they proceeded to take that over, too. She had no recourse. She tried verifying her age with Facebook by submitting her Driver’s License, but again, Facebook is either backlogged, or doesn’t care. So, then what? They found third-party help.
4. Hire a Third-Party Company.
This is super-duper scary, but my friend found this company and they were first able to get her back on Instagram, and then they hired the company again to get her back on Facebook. Total money spent was around $200. Worth it? I think so.
- Hacked.Com For around $150, you pay to have your problems fixed. That fee covers follow-ups on the same issue, at least it did for my friend. They sign you up for an ongoing maintenance account, something like $6/month, but you can easily cancel that, which my friend did, as well. The founder, Jonas, has a scheduling tool online and you meet with him over Skype to go over what happened, provide log in information and so on.
5. Get your account verified.
Getting an account verified on the ‘gram is as likely going to happen to you, or your brand’s account, as winning the lottery. If it does happen, count your lucky stars and buy a lottery ticket.
- How to do it: On Instagram, go to Settings --> Account --> Request Verification. You need a driver’s license of the account holder, and then answer a few questions. You will not hear back. Like, ever. But I recommend doing this monthly. Mainly to piss off Instagram and it makes me feel good that we are all striving to do that.
Why won’t you hear back? Oh…there are many reasons floating around on the interwebs . . . some say it is because Instagram is backlogged, some say it is because they suck (I say that, actually), and some say it is because they just get too many requests with the billions of users out there.
Those are your steps to avoid getting your accounts hacked from easiest to the most difficult.
I recommend bookmarking this article and share it far and wide with your friends. The important thing to remember is to be aware of who has access to your passwords, and to change them regularly.
Note: This article originally appeared on The Archery Wire.
