Go Back

how an entire 9th grade was hacked on instagram

#Common Scams #Family #Teens

An entire 9th grade was hacked in a chain attack. Basically, what happened was once the attackers hacked one account they used that account to attack the victim's contact list.


Here is how it happened. Emma and Mia are friends, so when Emma texted Mia that she is on the 2021 Top Ugly List... you can imagine how Mia felt. Mia didn't know that Emma's account was hacked and it wasn't Emma who was texting her, it was the attacker. 

Screen Shot 2021-08-04 at 5.37.33 AM

 

To make it feel more authentic and to get Mia to ask for the link, the fake Emma didn't share the link immediately, instead she wrote that she is also on the list.

 

How an entire 9th grade was hacked on instagram - Step 2

Mia, is now asking for the link and the fake Emma is happy to send her a phishing link. Mia is so upset that she doesn't think twice and clicks on the fake link. Even though the link isn't the official Instagram site, it still makes sense because it's "Instagram lists" - maybe there is a specific link for lists... 

How an entire 9th grade was hacked on instagram - Step 3

At this point, Mia is trying to log in to the fake Instagram login and the attacker is able to steal her user name and password, change her password, and lock Mia out of her account.

How an entire 9th grade was hacked on instagram - Step 4

Now that the attacker has access to Mia's account, the attacker becomes a fake Mia and is using Mia's account to attack Mia's friends. In this case, the attacker is going after Ava. And it kept going like this until the entire grade was hacked.

How an entire 9th grade was hacked on instagram - Step 5

How to AVOID this type of attack

  • Don't automatically trust anyone, including your friends and family. People get hacked all the time, so you can’t assume that it’s actually your friend that texted or emailed you. If something doesn’t feel right, call and check they really sent that to you before clicking on a link.

  • If something causes you a strong emotion - excitement, anger, fear, sadness - STOP. Scammers use our emotions to get us to react instead of think reasonably. Also, curiousity is a powerful tool scammers use like in this example of the Ugly list. So if something is asking you to sign in to view something, don't. Instead, you got it. Call and check with the real person to see if they really sent you the message.

  • Don’t log in through links anyone shared with you. Instead, manually log in by typing the official URL.
     
  • Use Wizer Free Security Awareness to train your team or share our Family Portal with your friends and family to help raise awareness and keep your loved ones safer.

Full Video

 
Gabriel Friedlander

Gabriel Friedlander

Gabriel Friedlander is the Founder & CEO of Wizer, whose mission is to make basic security awareness a basic life skill for everyone. Wizer has been rapidly growing since being founded in 2019, and now serves 20K+ organizations across 50 countries. Before founding Wizer, Gabriel was the co-founder of ObserveIT (acquired by Proofpoint). With over a decade of experience studying human behavior, he is a prolific content creator on social media, focusing on online safety to elevate public understanding of digital risks. His engaging 1-minute videos have captured the attention of millions worldwide, going viral for their impactful messages.

Follow me on LinkedIn