Recently, a number of florists have been experiencing account takeovers on social media, especially Instagram. Social media is one of your most powerful tools, so what can you do to protect your investment?
In this article:
Strengthen your password
The number one cause of an account breach is a weak password. Some tips for password management:
Use a unique password for each of your accounts – this way, if one account is compromised, it’s less likely to result in everything else being compromised.
Use an auto-generated password, and a password manager (like NordPass, DashLane, or LastPass)
Or, if creating your own password, avoid using parts of your name, your immediate family’s names, or dates of birth. Keep your passwords to a minimum of 12 characters, and use a mixture of lowercase letters, uppercase letters, numbers, and symbols.
If you’re creating your own password, check its strength and whether it appears in any data breaches at https://nordpass.com/secure-password/
Change your passwords regularly – especially if Instagram or another site you use emails you recommending you do so. Unless locked out, only change your password by accessing the site or app directly, don’t Google it or follow an email link from an unsolicited email.
Use Two-Factor Authentication
Two-factor authentication is a security feature that helps protect your Instagram account and your password. If you set up two-factor authentication, you’ll receive a notification or be asked to enter a special login code when someone tries logging in to your account from a device that Instagram doesn’t recognise.
Tap the profile icon or your profile picture in the bottom right to go to your profile.
Tap the more options menu (three horizontal lines) in the top right, then tap Settings.
Tap Security, then tap Two-factor authentication.
Tap Get Started at the bottom.
Choose the security method that you want to add and follow the on-screen instructions.
When you set up two-factor authentication on Instagram, you’ll be asked to choose one of two security methods:
Login codes from a third-party authentication app (such as Duo Mobile or Google Authenticator). Note: Two-factor authentication through an authentication app can only be turned on using the Instagram app for Android and iPhone.
Text message (SMS) codes from your mobile phone.
You’ll need to have at least one of these set up in order to use two-factor authentication.
Note: After you’ve turned on two-factor authentication, you’ll be able to see login requests, remove trusted devices and access backup codes for your account if you have issues with receiving a recovery code.
Secure your email
Think about how many accounts across the web are linked to your email address…
It’s worth securing your email with two-factor authentication, or with email encryption, (or both!)
Don't buy or barter for likes
Some non-Instagram apps offer likes or followers in exchange for your Instagram login details. None of these services are affiliated with or endorsed by Instagram, and you shouldn’t use these apps or let anyone else access your Instagram account.
If you give these apps your login information, whether with an access token or by giving them your username and password, they can gain complete access to your account. They can see your personal messages, find information about your friends and potentially post spam or other harmful content on your profile. This puts your security, and the security of your friends, at risk.
Bear in mind that accounts that generate inauthentic activity are also against Instagram’s Community Guidelines. If it looks like you’ve shared your login details with one of these apps, we may remove any likes or other engagement that they’ve generated. Accounts that continue to use non-Instagram apps to get more followers may notice that certain parts of their Instagram account are limited. If you use one of these apps to gain likes or followers, your account may be disabled or terminated
Revoke unnecessary 3rd party apps
People commonly use Instagram as a sign-in method for apps like Tinder, games, and for photo editing tools. But, keep in mind that even if you haven’t used these in years, they still have access to your information.
If they have a data breach – like Tinder had in early 2020 – your details are there for the taking.
Tap the profile icon, or your profile picture in the bottom right to go to your profile.
Tap the more options menu (three horizontal lines) in the top right, then tap Settings.
Tap Security.
Tap Apps and websites, then tap Active.
Check every app listed – if you don’t recognise it, or if you don’t use it, tap Remove.
I've been hacked! What can I do?
If you think your account has been hacked or taken over, there are several actions you may be able to take to secure your account. Some of these recovery steps may not be available to you depending on the type of account you’re trying to recover, but we recommend trying them all.
Check your email account for a message from Instagram
If you received an email from security@mail.instagram.com letting you know that your email address was changed, you may be able to undo this change by selecting revert this change in that message. If additional information was also changed (example: your password), and you’re unable to change back your email address, request a login link or security code from Instagram
Request a login link from Instagram
To help confirm that you own the account, you can request that Instagram send a login link to your email address or phone number
To request a login link:
On the login screen, tap Get help logging in. (Android) or Forgot password? (iPhone).
Enter the username, email address, or phone number associated with your account, then tap Next. Note: If you don’t have access to the username, email address, or phone number associated with your account, enter the login information you most recently used, then tap Can’t reset your password? below the Next button and follow the on-screen instructions.
Select either your email address or phone number, then tap Next.
Click the login link in your email or a text message (SMS) and follow the on-screen instructions.
Request a security code or support from Instagram
If you’re unable to recover your account with the login link sent to you, you may be able to request support from Instagram:
On the login screen, tap Get help logging in. below Log in.
Enter the username, email address, or phone number associated with your account, then tap Need more help?. Keep in mind that if you have more than one Instagram account you may need to select the account you’re having trouble logging into first, then follow the on-screen instructions.
Tap Need more help? then follow the on-screen instructions.
Select either your email address or phone number, then tap Send security code.
If you don’t receive a security code, tap I can’t access this email or phone number below Send security code, then follow the on-screen instructions.
From the login link screen, tap Need more help? below Send login link. Select either your email address or phone number, then tap Send security code.
If you don’t receive a security code, tap I can’t access this email or phone number below Send security code, then follow the on-screen instructions.
Be sure to enter a secure email address that only you can access. Once you’ve submitted your request, you should receive an email from Instagram with next steps.
Verify your identity
If you submitted a support request for an account without photos of you, you should receive an auto-response email from the Support Team at Meta. They’ll ask you to help them verify your identity by providing the email address or phone number you signed up with and the type of device you used at the time of sign up (example: iPhone, Android, iPad, other).
If you request support for an account with photos of you, you’ll be asked to take a video selfie of you turning your head in different directions to help them check that you’re a real person and confirm your identity.
Once you submit the video selfie to help verify your identity, you’ll receive an email from Instagram at the secure email address you provided. They use this video to ensure you are a real person and that you are who you say you are.
Keep in mind that the video you submit will never be visible on Instagram and will be deleted within 30 days.
If they weren’t able to confirm your identity from the video you submitted, you can submit a new video and they’ll review it again.
Note: Instagram doesn’t use facial recognition, and they don’t use it in video selfies. They use video selfies to ensure you are a real person and may confirm with human review that you are authorised to access your account.
If you’re still able to log into your Instagram account
If you think your account has been hacked or an attempt to hack your account has been made and you’re still able to log in, there are things you can do to help keep your account secure:
Change your password or send yourself a password reset email.
Turn on two-factor authentication for additional security.
Confirm your phone number and email address in account settings are correct.
Check Accounts Center and remove any linked accounts you don’t recognise.
Revoke access to any suspicious third-party apps.
Someone changed the email on my Instagram account
If the email listed in your Instagram profile has changed, they’ll send two emails asking you to accept or reverse the request. To make sure the request came from you, one email is sent to the original email to deny the change and one is sent to the new email address to allow the change.
If you made the request to change your Instagram profile email:
You’ll need to accept the request from your new email account listed in your Instagram profile. This helps confirm that you have access to the email you’re requesting to associate with your Instagram account. They’ll also send an email to the original email account listed in your Instagram profile allowing you to reverse the request if it was not requested by you.
If you did not make the request to change your Instagram profile email:
You’ll need to deny the request from the original email associated with your Instagram account. The email will come from security@mail.instagram.com with a special link you can click to reverse the email change and help secure your account.
Keep in mind that they only initiate this process after an email is changed from the Instagram Profile page and that Instagram won’t change your Instagram email without your permission.
