After a night at the movies, fabric merchant Noel Chapman got a text from a friend in Italy as he rode the tube home.
It said, “Look at your Instagram; something amusing is happening.”
He could put together what it meant – that his company’s Instagram account, which has 9,000 followers, had been hacked – in between Wi-Fi connection periods at each stop.
At 8:05 pm, Instagram notified him that the account’s email address had changed. “Three or four further notifications said that a two-factor authentication had been established and the password had changed.”
But when Noel contacted Instagram, he discovered that it would be harder than he thought to get back into his account.
“I rushed immediately to Instagram’s support center, where I was on hold until 1.30 am.
“Nothing happened when I reported it as a hack or impostor. It’s time you lose attempting to find assistance. They haven’t even deleted the account; the hackers still use my identity, and I’m still dealing with the consequences.
With 230 followers, Noel’s new Instagram account doesn’t have the same reach as his previous one.
“I had more than 9,000 fans. I misplaced them all. Some of them were clients, albeit not all. It served as my address book because of the messages and the contact information. I’ve been in business for five to six years and never got access back.
Ugo Massabo, a Cornish Italian restaurant and deli proprietor, had a similar incident in February. When he opened a spam link posing as Instagram’s application for a verified blue badge, he had just ended his shift in the kitchen.
A notification informing him that a £350 ransom was required to restore control of the account was subsequently delivered to him.
I felt violated, he claimed. My company, photos, and tales have all been taken away for ransom.
Furthermore, you feel helpless since no one is around to assist you.
I got a response from Facebook apologizing but explaining that my case is beyond their purview.
Facebook and Instagram said they would look into these incidents more thoroughly when contacted for comment.
What should I do now that I’ve been hacked?
However, the two company proprietors are not alone. According to a study from the Cyber Resilience Centre for the West Midlands (WMCRC), from 2021, £3.8 million was lost within a year from unprotected social media and email accounts.
The best course of action if your company’s social media account has been compromised is to enter complete lockdown mode. All accounts should be suspended, and their login information should be changed to secure passwords on your social media accounts and on all other places where private information is kept.
Initially, it could not have been the compromised social media account but rather an email address connected to the business. That opens the door to altering login information on other platforms.
Hackers likely took over using a malware assault, which included a dubious link that a worker may have clicked on. Scan all corporate PCs for malware.
Then turn on two-factor authentication after notifying the social media provider.
Informing your customers and the general public about the incident and issuing an apology for the information they would have been exposed to is a smart idea once you have recovered access to the account.
You may also inform Action Fraud about the breach.
How can I protect my social media accounts from future attacks?
With 39% of firms reporting cybersecurity breaches in the last year, the danger posed by hackers to small businesses is growing.
#1 – Limit the number of individuals: Who have access to social media accounts and enable two-factor authentication. Whenever a new IP address tries to log in to the platform, this will send an SMS message to the account administrator’s phone.
#2 – Use unique passwords for every platform: Making sure secure passwords for many websites prevents attacks from spreading and infecting other parts of the company. Password managers can help you create safe, one-of-a-kind passwords.
#3 – Be cautious while using links: Regarding security, staff and human error are any company’s main weak points.
#4 – Examine the security settings on social media: You may enable secure browsing and login alerts.
Thanks to Facebook, Noel Chapman’s Instagram account was reinstated after the article was published.