After a night at the movies, fabric merchant Noel Chapman got a text from a friend in Italy as he rode the tube home.
It said, “Look at your Instagram; something amusing is happening.”
He could put together what it meant – that his company’s Instagram account, which has 9,000 followers, had been hacked – in between Wi-Fi connection periods at each stop.
At 8:05 pm, Instagram notified him that the account’s email address had changed. “Three or four further notifications said that a two-factor authentication had been established and the password had changed.”
But when Noel contacted Instagram, he discovered that it would be harder than he thought to get back into his account.
“I rushed immediately to Instagram’s support center, where I was on hold until 1.30 am.
“Nothing happened when I reported it as a hack or impostor. It’s time you lose attempting to find assistance. They haven’t even deleted the account; the hackers still use my identity, and I’m still dealing with the consequences.
With 230 followers, Noel’s new Instagram account doesn’t have the same reach as his previous one.
“I had more than 9,000 fans. I misplaced them all. Some of them were clients, albeit not all. It served as my address book because of the messages and contact information. I’ve been in business for five to six years and never got access back.
Ugo Massabo, a Cornish Italian restaurant and deli proprietor, had a similar incident in February. When he opened a spam link posing as Instagram’s application for a verified blue badge, he had just ended his shift in the kitchen.
A notification informing him that a £350 ransom was required to restore control of the account was subsequently delivered to him.
I felt violated, he claimed. My company, photos, and tales have all been taken away for ransom.
Furthermore, you feel helpless since no one is around to assist you.
I got a response from Facebook apologizing but explaining that my case is beyond their purview.
Facebook and Instagram said they would look into these incidents more thoroughly when contacted for comment.
What should I do now that I’ve been hacked?
However, the two company proprietors are not alone. According to a study from the Cyber Resilience Centre for the West Midlands (WMCRC) from 2021, £3.8 million was lost within a year due to unprotected social media and email accounts.
The best course of action if your company’s social media account has been compromised is to enter complete lockdown mode. All accounts should be suspended, and their login information should be changed to secure passwords on your social media accounts and on all other places where private information is kept.
Initially, it could not have been the compromised social media account but an email address connected to the business. That opens the door to altering login information on other platforms.
Hackers likely took over using a malware assault, which included a dubious link that a worker may have clicked on. Scan all corporate PCs for malware.
Then turn on two-factor authentication after notifying the social media provider.
Informing your customers and the general public about the incident and issuing an apology for the information they would have been exposed to is a smart idea once you have recovered access to the account.
You can also report the hack to Action Fraud.
How can I prevent attacks on my social media accounts in the future?
The threat to small businesses from hackers is rising, with 39 percent of businesses reporting cybersecurity breaches over the last 12 months.
#1 – Use two-factor authentication: Limit the number of users with access to social media accounts and switch on two-factor authentication. this will send an SMS message to the phone of the account admin whenever a new IP address is attempting to log in to the platform.
#2 – Use different passwords for each platform: Ensuring strong passwords are used for different websites stops the spread of hacks infiltrating elsewhere in the business. You can use password managers to create unique, secure passwords.
#3 – Be careful with links: the biggest weak link in any business when it comes to security is the employees and human error.
#4 – Review social media security settings: Through settings, you can turn on log-in notifications and secure browsing.
Further reading
Three threats to your company’s Twitter account – and how to avoid them