A war in the cyberworld continues to escalate, and pubs are being targeted for their online and social media presence and unsophisticated understanding of the threats.
Many venues put a lot of time and energy into their Instagram and Facebook accounts, developing a following and acting as a vital point of engagement with existing and potential customers.
These become digital assets the business nurtures and manages from comments and reviews – but what about from hackers?
The techniques being employed to fraudulently access accounts continue to grow more sophisticated.
An Instagram hack might begin with strange activity or unauthorised posts, or you can’t log in, despite being 100 per cent certain of the username and password.
Tash Chapman, manager at social media and PR agency Papaya, manages multiple accounts and says she has noticed a “worrying trend” of hospitality venues losing their Instagram accounts to scam attacks.
“Even with seemingly solid security protocols in place, over the last few months I have witnessed multiple Instagram accounts of clients become the victim of hacking operations.
“What I’ve learned is that it is much easier to protect and prevent rather than retrieve a stolen account.”
The process of regaining control of a hacked account through parent company Facebook is “challenging” and relies on a help system that is largely unresponsive.
Chapman offers best-practise advice on protection and procedures, which apply to Instagram but are relevant to digital security in general.
#1 Account details
Ensure account details are correct and current – meaning a phone number and regularly used email address. These are the first things hackers will try to change, but before they can Instagram will notify you to check the changes are legitimate. A quick response will halt the change and likely prevent the attacker from taking over.
#2 Two-Factor Authentication
This can apply to many digital platforms. While it may seem an annoying additional step, every time someone tries to access your account from an unrecognized device, you’ll be prompted to verify it is you.
Chapman stresses “Make sure it is turned on. In fact, do it now”.
“Each time you need to verify your login, you’re stopping someone unauthorized from accessing your account!”
To enable: log into your account, tap the ‘hamburger’ (three lines in the top right-hand corner), go to ‘Settings, Security and Two-Factor Authentication’.
#3 Suspicious Messages
The most common way for Instagram accounts to get hacked is through a fake direct message through Instagram, pretending to be from a real Instagram team, saying something like “get your account verified” or threatening a violation of rules and policies, and offering a link to begin getting things back in order.
If there is a legitimate problem, Instagram will send an email to the registered address. The company will never send a direct message like this, and you should never click on a link that’s been sent in this way or share account details – even if the message looks legitimate.
Click the link and the hacker will gain access to the account and likely lock you out.
#4 Recover a hacked Instagram account
If you suspect your Instagram account has been hacked, it’s important to take action as soon as possible.
Begin by checking the registered email address for a notification from Instagram. If there is an email saying the email address has been changed, within the message will be a ‘revert this change’ option.
If this is unsuccessful, use the ‘forgot password’ function to request a login link from Instagram, and enter a secure email address. Watch for the Instagram email, which will contain next steps to follow.
Chapman says if all else fails, report the account problem to Instagram and submit a support request.
EDITOR’S NOTE:
We maintain multiple websites, and use commercial-grade security software to beat off the barrage of miscreants that attempt to gain access. This software literally fends off hundreds of attempted logins, sophisticated and ‘brute force’ attacks every day.
However, our websites are hosted on custom web servers managed by a provider, and this week, around 12 hours after publishing our latest Webazine, some sneaky bugger somehow got where they didn’t belong in the server. At first a couple of links in the Webazine stopped working, then the whole server crashed for nearly 12 hours.
If you haven’t yet seen our December Webazine – check it out – but if you tried between Tuesday afternoon and Wednesday morning and could not access, our sincere tech-attacked apologies.