DUBAI: A TV personality and content creator in Dubai has warned about phishing emails after her 10-year-old Instagram account was hacked and held for ransom last week.
Indian expat Uma Ghosh, who has over 50,000 followers, said the hacker apologised for hijacking her account but refused to give back access until he was paid $350 in Bitcoins.
“He threatened to wipe out all my pictures and videos,” recalled the certified health coach whose posts are largely centered around health, beauty and wellness. She said her ordeal began shortly after April 24 when she received an email seeking collaboration with a fashion brand.
“Since I routinely get such proposals on my Instagram account email I didn’t suspect any foul play,” said Ghosh who has endorsed several brands over the years.
Fake Instagram account
As it turned out, the email contained a malicious link which directed her to a fake Instagram signup page.
“It asked me to plug in my username and password which I did. Little did I know then that I was simply handing over my personal details to a cybercriminal,” she said.
She said she realised her mistake when she found herself locked out of her Instagram account @umagd and got an email asking for $350 to regain access.
“The hacker apologised in the email but threatened to start deleting my posts if I didn’t pay within two hours. Closer to deadline he sent another email to carry out the threat,” she said.
Ghosh, who used to host the TV show High Life Dubai, said she kept the hacker engaged for three days while trying to seek help from techie friends as well as report the problem to the Facebook-owned photo and video sharing social networking service.
“I rang up Instagram’s local office and shot off several emails but didn’t get any response. It was frustrating. What if the hacker had sold off my account to a third party or posted inappropriate content?” asked Ghosh who eventually wrested back her account with the aid of a techie friend.
In recent years, Instagram has been hit by a widespread hacking campaign which appears to have affected hundreds of users, leaving them unable to recover their accounts.
Victims say that despite going through all the necessary steps, the platform has yet to assist and the automated systems that Instagram uses for account recovery have not proved effective.
How to protect your Instagram account
Choose a strong password. Use a combination of at least six numbers, letters and punctuation marks
Change your password regularly, especially if you received a message from Instagram asking you to change it
Do not share your password with anyone
Turn on two-factor authentication for more security in your account
Make sure the email account is safe. Anyone who can read your email may also have access to your Instagram account. Change the passwords for all of your email accounts
Sign out of Instagram when using device that you share with other people. Don’t check the ‘Remember me’ box when logging in from a public computer, as this will keep you logged in even after you close the browser window you’re using.
Think twice before saving your password with any third-party app