Wizer Free Security Awareness Blog

How an Entire 9th Grade Was Hacked on Instagram

Written by Gabriel Friedlander | Aug 4, 2021 11:37:19 AM

An entire 9th grade was hacked in a chain attack. Once the attackers hacked one account, they used that account to attack the victim's contact list.


Here is how it happened. Emma and Mia are friends, so when Emma texted Mia that she is on the 2021 Top Ugly List... you can imagine how Mia felt. Mia didn't know that Emma's account had been hacked and that it wasn't Emma who was texting her. It was the attacker.

To make it feel more authentic and to get Mia to ask for the link, the fake Emma didn't share the link immediately. Instead, she wrote that she is also on the list.

Mia is now asking for the link, and the fake Emma is happy to send her a phishing link. Mia is so upset that she doesn't think twice and clicks on the fake link. Even though the link isn't the official Instagram site, it still seems plausible to her because it's "Instagram lists" - maybe there is a specific link for lists...

At this point, Mia tries to log in on the fake Instagram login page, and the attacker is able to steal her username and password, change her password, and lock Mia out of her account.

Now that the attacker has access to Mia's account, the attacker becomes a fake Mia and uses Mia's account to attack Mia's friends. In this case, the attacker is going after Ava. And it kept going like this until the entire grade was hacked.

How to AVOID this type of attack

  • Don't automatically trust anyone, including your friends and family. People get hacked all the time, so you can’t assume that it’s actually your friend that texted or emailed you. If something doesn’t feel right, call and check they really sent that to you before clicking on a link.

  • If something causes you a strong emotion - excitement, anger, fear, sadness - STOP. Scammers use our emotions to get us to react instead of thinking reasonably. Curiosity is also a powerful tool scammers use, as in this example of the Ugly List. So if something is asking you to sign in to view something, don't. Instead, you guessed it: call and check with the real person to see if they really sent you the message.

  • Don’t log in through links anyone shared with you. Instead, manually log in by typing the official URL.
  • Use Wizer Free Security Awareness to train your team or share our Family Portal with your friends and family to help raise awareness and keep your loved ones safer.
