IG Accounts Hacked Warning

dsio · May 11, 2022

I sent out a PM to a few of the people asking but bottom line is TFA is the first defense, be skeptical of any unusual request no matter how benign it may sound and don’t click on or send anything unless you’re 100% sure what you’re doing.

pdxleaf · May 11, 2022

This was tricky because it came from an IG account of a fellow collector. Of course you want to help a buddy out. Thankfully it was such an odd request that it didn't work. But it came too close for comfort.

Thanks, Ash, for the explanation and advice.

dsio · May 11, 2022

Btw my personal choice as far as Authenticator apps just because I find its user interface to be friendly and like the fact that it isn’t tied to Google or Microsoft:

https://authy.com/download/

Authy is owned by Twilio, we use their email services here at Omegaforums but no other affiliation, they just made the product free to encourage better security which helps their business indirectly.

Syrte · May 11, 2022

bgrisso
I dont understand how this is still happening. is it still the same process that people are using to get control of the account. Figured this would be widely known.

I know at least of one person who got caught by surprise because it was late night and he was tired. But that was three weeks ago now, you’d think by now people would have gotten the memo.

JimJupiter · May 11, 2022

Thought so too. Still suprises me how many get cought 🙁

WatchDialOrange · May 11, 2022

Some one tried to pull the same IG hack on me tonight. My friend who had 2k followers was hacked so I just blocked him.

pmontoyap · May 11, 2022

Same thing happened to watches.second.life, I got a DM with the request for a screenshot of an SMS he would send me, he later claimed he had sent it (the SMS) and I was pretty sure I had never given him my number so I knew it was fishy. Sławomir now has a new Insta account, make sure to follow him by the way, definitely one of the best in the business.

josiahg52
I don't understand how this happens, rather, how it works. The whole screenshot of a link request. I'd like it explained but I guess would rather not let more people learn how to do it.

I don’t think that the screenshot alone would do any harm but it is a way to entice interaction, after which they will probably ask for an additional request, like using the link itself or what not.

Syrte · May 12, 2022

pmontoyap
I don’t think that the screenshot alone would do any harm but it is a way to entice interaction.

On the contrary the screenshot alone IS the harm- it is a link to reset your password !

Scarecrow Boat · May 12, 2022

To be honest, I’m not concerned my Instagram account is going to be hacked. The few on here who follow me know it’s completely unrelated to watches and too small beans (follower wise) to be the likely target; however, I still run TFA through a secondary app (Authy) as protection. I also have the text message password reset option turned off, which is what this scam focuses on. They can’t access my account without my unique TFA code through Authy, which gets regenerated every 30 seconds.

keepsonticking · May 12, 2022

How is it helpful or useful for anyone here to characterize those who made the error of clicking a link as "stupid?" I've been fortunate to not be the poor soul who didn't read carefully enough or may have been in a hurry, but I think those of us who are mortal and of sub 200 IQs are all completely capable of making a very simple mistake, such as clicking a link. Being infallible must be exhausting.

pmontoyap · May 12, 2022

Syrte
On the contrary the screenshot alone IS the harm- it is a link to reset your password !

I still don’t understand how taking a screenshot activates the link. Technology, it beats me. In any case I am glad I didn’t fall for it.

Scarecrow Boat · May 12, 2022

pmontoyap
I still don’t understand how taking a screenshot activates the link.

The screenshot itself does not activate a link. What it does is show the entirety of a private password reset link for a specific account. All one has to do is type that link verbatim into a web browser, and they’ll be able to reset someones account, and take it over.

IG Accounts Hacked Warning

dsio

pdxleaf

dsio

Syrte

JimJupiter

WatchDialOrange

pmontoyap

Syrte

Scarecrow Boat

keepsonticking

pmontoyap

Scarecrow Boat

Similar threads

New warning about hacked Instagram accounts

New Phone and IG Account

Likely hacked eBay account: buy-lightbulbs

$2.5K Loss in a Fraudulent Transaction with a Hacked Account

WARNING: WatchUSeek / Watchtalkforums owner Verticalscope Hacked