When someone reaches out to you through Instagram direct message, they’re either sending you a post or their account got hacked, giving you the dreaded “check out what I made on Instagram” fraudulent message victimizing your account. College students' youthful ignorance creates an environment with low awareness, allowing hackers to trick them into clicking anonymous, unidentifiable links.
Last week, I received an unusually personalized direct message from someone who has nearly 20 mutual followers with my account, asking if I would endorse them for an award. The hacker wanted a screenshot of a text they sent me — never give out your phone number in direct messages. Suspicious, I took a picture of the text message that included a URL and sent it back.
Ten minutes passed, and I nearly forgot about the situation, so I returned to the app and found myself logged out. My original login did not work — but why? How did I get hacked without clicking on a link? Plus, they changed the associated phone number, email and password in minutes, bypassing any suspicions from Instagram’s security mechanisms.
But why should I be concerned about online identity theft?
Having your identity stolen can result in emotional and physical drainage stemming from false accusations. Other consequences include financial losses and added mental stress. In extreme cases, LifeLock reports that law enforcement can hold you responsible for criminal activity done under your name — even if it wasn’t by you.
After what happened to me, it was clear I needed to protect my other accounts (emails, IU, bank accounts and other social media platforms) rather than focus on getting back into my Instagram account I’ve had since I was 13 years old.
In the days following my hack, my mom’s and my credit card numbers were stolen.
Credit card numbers were not the only concern. If they had access to banking information via my email, they could have also accessed my 2021 tax returns — knowing my address, social security number and gross income.
Instagram has no phone number with helpful representatives. Instead, they utilize a help center to assist with problems. Rather than mocking mandatory two-factor identification for IU logins, be thankful Duo can be set up to secure your Instagram too. You should set this up because specific device authentication prevents random people from using your phone or email to login.
My dad had a great reaction. He said, “we should delete social media.” It’s funny — a theme I wrote about almost four months ago became applicable in an entirely new context.
Truthfully, I am like most college students: not hiding anything in my private Instagram account. I was concerned about the hack because someone obtained endless data about account analytics.
It was evident that all content was deleted from my initial account, but I was not concerned with the hacker’s access to it because people get hacked daily by clicking on misleading links.
Online identity theft is very common and could rise, according to Experian. Social media’s influential presence in college populations rationalizes heightened sensitivity to social media platforms; however, alternative places, such as public Wi-Fi networks or casually discarded documents containing sensitive personal information, can cause a breach of your data.
I am concerned people are too lazy to change passwords or do not think about all consequences involved in identity theft, so take five minutes out of your daily scroll through Instagram. For two minutes, set up Duo. And for the other three minutes, go change your email password.
John Hultquist (he/him) is a junior studying community health with a double minor in urban planning and community development and nutrition.