How a Small Business Owner Recovered from a Cyberattack


The following post details a discussion between Phishing for Answers and Sarah Albert, a small business owner whose Instagram accounts were hacked in May 2022. Sarah describes how fraudsters took control of her social media and messaged all of her contacts, resulting in several weeks’ worth of lost income. Read more to learn how she took back control of her social media accounts following the cyberattack.


Building Her Business

Sarah poses in front of her artistic paintings.

Meet Sarah Albert, a Washington, DC-based artist and small business owner. She runs SarahPaintsRappers, an art business that creates colorful portraits of mainstream music artists (Instagram: @sarahpaintsrappers; Etsy: etsy.com/shop/SarahPaintsRappers). She began painting after being furloughed from her full-time job at the start of the COVID-19 pandemic. In less than 2 years, SarahPaintsRappers grew into a sustainable business, mainly thanks to social media. Sarah launched business accounts on Instagram and TikTok, where other influencers shared her content and allowed her to amass thousands of followers and build a lasting venture.

Sudden Account Compromise

However, in May 2022, Sarah was forced to stop painting when unknown hackers took over her account. She explained that it all began when she received a message via Instagram from another alleged artist, who claimed to be participating in an art competition and was asking Sarah for her vote. Sarah stated that the message came from a seemingly legitimate account and that, as an artist, she frequently helps other artists promote their work. After she replied to the message, the hackers sent a code to her personal mobile phone, and after she verified it online, they took complete control over Sarah’s business and personal Instagram accounts.

These fraudsters worked quickly. Within minutes, they changed the emails and phone numbers linked to the accounts, and also added backup recovery codes and two-factor authentication (2FA). This was an enormous obstacle because one of Instagram’s first recommendations in recovering a stolen account is to change the password. This would be impossible for Sarah, as the attackers changed all of the user contact information associated with the account. As an additional measure of control, the hackers unlinked Sarah’s Facebook profile from the Instagram accounts and instead associated new Facebook profiles with the stolen Instagram accounts.

Big Tech, Small Help

Over the next few weeks, Sarah made every possible effort to contact Instagram and its parent company, Meta. She emailed all of the customer support, security, and anti-phishing services listed on Instagram’s website. Included in her emails were personal photographs, contact information, and screenshots of text messages and emails – all necessary evidence that the company would need to verify that she was the true owner of the breached accounts. When she failed to receive a response, Sarah messaged Meta employees on LinkedIn and leveraged personal connections to send internal emails at the company.

While Sarah urgently exhausted every avenue to take back control over her social media, the hackers were multiplying their efforts to breach other accounts using the same tactics. According to Sarah, the attackers messaged many of her followers and were able to take control of a few other accounts as well. Some other users actually reported the fraudulent messages to Instagram, which failed to take action.

A Video to Remember

It quickly became clear to Sarah that she had to pursue alternate methods. She decided to do a video verification in which users can upload videos of themselves to Instagram to confirm that they are the authentic, human owners of a compromised account. Although this method ultimately was successful in retrieving her personal Instagram account, Sarah was still unable to regain access to her business account. At this point Sarah had lost at least two weeks’ worth of income and had started a position at a restaurant to support herself.

Just when it seemed as though there were no other avenues for Sarah to pursue, an opportunity presented itself. One of Sarah’s Instagram followers, who had also fallen victim to a cyberattack as a result of Sarah’s account compromise, had successfully retrieved her own accounts. This particular contact was helpful, as she was featured in a post on Sarah’s business Instagram account and therefore could potentially assist in verifying Sarah’s identity to Instagram. The two women met and created numerous video verifications with various lighting options and hairstyles until achieving success. After weeks of nonstop calling, emailing, and Googling, Sarah finally regained control over her business Instagram account.

Lessons Learned

Sarah recounts her story on WDVM local news.

When asked what steps she has taken to better secure her social media, Sarah was prepared with many answers. Apart from creating a new associated email and Google Voice number, she has downloaded backup codes that are refreshed every month. Additionally, she employed 2FA, changed her Facebook account password, and unlinked her personal Instagram from her business one.

Although she may have regained control of her accounts, Sarah acknowledged that the cyberattack caused a major setback in her business. Beyond the temporary loss of 8,000 followers and a notable decrease in sales, she explained that there is now a lack of trust in her Instagram account. Furthermore, in her efforts to publicly share details about the incident, Sarah noticed additional Internet scams targeting users whose accounts had been compromised. For instance, after posting on TikTok about her experiences, she observed that suspicious users who claimed they could help get accounts back were being tagged in her posts.

Social media hacking is on the rise, and while any user is theoretically a target, small businesses are especially vulnerable. In 2021, a reported 74% of small businesses utilized social media on a weekly basis, meaning they rely on social media use for their operations. In order to reduce their own attack surfaces, these businesses must incorporate the above-mentioned security measures that Sarah adopted herself. While attackers are adding new tools to their arsenal for scamming and social engineering, social media users can embrace new approaches to Internet vigilance and account security.


Want to learn more about social media hacking and some actionable tips you can take in the event of an account compromise? Check out Phishing for Answers’ previous post, Your Social Media Account Was Hacked - Now What?


Approved for Public Release; Distribution Unlimited. Public Release Case Number 22-2091. The author's affiliation with The MITRE Corporation is provided for identification purposes only, and is not intended to convey or imply MITRE's concurrence with, or support for, the positions, opinions, or viewpoints expressed by the author. ©2022 The MITRE Corporation. ALL RIGHTS RESERVED.

