Taco shop owners in West Auckland have had their business Instagram account taken over by a hacker, who then messaged its 2000-odd followers while posing as the owners, asking for help reclaiming the account in order to draw them into the attack.
The hack affecting Matt and Sue May of Murray of Piha began with an email sent to the account's email address that pretended to be from Instagram and claimed an unknown device had logged into their account.
Friends and followers who received the plea to help reclaim the stolen account were sent a somewhat personal and convincing message from the hacker, who was posing as the account's owners.
It read: "Hey, I was trying to log into my Instagram page on my new phone and they ask me to find someone to help me receive a link, Instagram gave me suggestions from two friends and you are one of them, the other person is not online. Would you help me to receive the link please?"
May knows of four people who have been caught in the hacker's spread attack when they tried to assist in the claimed account reauthentication; in doing so, they too have had their accounts stolen.
Kath Taylor of Sausie Posse in Wanaka had her account stolen on Wednesday morning after receiving the plea message. Once she realised her account had also been attacked, she messaged the hacker with her own plea for the account to be returned. The hacker replied by asking if she would pay for it.
Both Sue and Kath have gone through all reauthentication steps suggested by Instagram, including its facial recognition feature, but none have been successful. They say they are both extremely annoyed and frustrated by a lack of support from Instagram, which is owned by Meta, formerly known as Facebook.
Netsafe is an organisation offering advice to internet users in Aotearoa. Its Chief Technology Officer Sean Lyons says these types of attacks are common and are not limited to a specific platform.
The mechanism hackers use is a psychological one: it creates an emotional response that pushes the target either to help someone they know or to quickly try to safeguard their own personal information from a potential attack with a simple click.
He goes on to say that this is yet another call for extra diligence when receiving these types of emails. Many organisations, such as banks, have moved away from this way of communicating with customers. Most will suggest people refer to their service source to resolve any issues.
How to keep your social media account safe
- Be sure to regularly change your password
- Add the two-factor authentication feature the account provides
- Beware of suspicious and potential phishing emails
In terms of recovering a lost account, Lyons says it is worth persevering with any suggestions provided by the service provider in order to reclaim your account. If you are still at a loss, Lyons suggests you contact Netsafe for further advice.
Instagram's parent company Meta has failed to reply to 1News inquiries.