It was a normal working afternoon for me, rushing to follow up on as many work emails as possible, when the worst thing happened: I unknowingly clicked on a “phishing link”.
The Email Looked Legit and Used a Well-Known Brand to bait me.
The email came through into my important folder and was addressed to me in a professional manner. I don’t normally click on links until a second response from potential clients/partners, but they inquired about my rates and I immediately recognized the brand, so I fell for it. And yes, I clicked. The link took me to @frankiesbikinis Instagram page, which I knew well from other friends and their previous partnerships. But while Frankies Bikinis is a REAL brand, the link that led me to their page was laced with a trap link, which I discovered in my browsing history a couple hours later.
Here’s a look at the email that I received.
You can see the link below at 11:37 that shows my click through to Instagram and the so-called “@FrankiesBikinis” page.
But upon closer inspection, you’ll see that the link took a pit stop by a site called “ingatram.ru” which was the doorway between my screen and that of the hacker.
About 30 minutes later when Instagram asked me to re-log in, I did so from the safety of my own browser. I didn’t imagine that my screen had been hacked recently and that the hackers were waiting for me to sign in so that they could steal my entire account… But within minutes, that’s exactly what they did.
MY INSTAGRAM COMPLETELY VANISHED!
I realized my account was down on my way to pick up Ella after a 45-minute-long appointment. I thought it was an issue with my phone for the first few seconds and then double checked a few different things before realizing that my entire account, username and everything, had VANISHED. There was no way to get in because they didn’t recognize a username called @lavendascloset. There was no option for password recovery. Nothing. To Instagram, my account had never existed.
Within 20 minutes I was back home and though I was panicking, I knew that I’d have to think fast. Taking the stairs two at a time, I began scouring websites and chatrooms for insight on what was going on. I suspected a hack, but couldn’t be sure. Once I got to my computer I opened up my email to see this message from my hacker:
THE HACKERS THREATENED TO DELETE MY ACCOUNT
The hackers emailed me only AFTER changing my email, the username AND password to my account. They wanted to let me know that they had full control over the account and then began to threaten deletion of my content and account if I did not do as they requested. They were literally holding my account hostage for ransom.
You can see the email addresses they used above. I recommend you keep an eye out for this, but I’m pretty sure that they change these out periodically to remain anonymous.
THE CHECK-LIST YOU SHOULD FOLLOW IF YOU’VE BEEN HACKED
While on the phone with Luke, we pored over every account of bloggers being hacked we could within one hour. My immediate instinct was to stop and make a plan, because I hate reacting or lashing out in situations like this. (Well, my first thought was to take a nap, but the second thought was to stop and think, I swear!) Luckily I had Luke on the phone with me to reinforce keeping calm after a short (but necessary) breakdown. I dried my eyes and began to follow THE CHECKLIST that I found over and over again online.
- I went into my email and found the “change of email” notification from Instagram. I revoked access to the new email that they changed it to immediately.
- I looked over my history to see what the hell had happened and how they had hacked my account. I discovered the phishing link and spoof account within minutes.
- I changed the passwords to my email, Facebook, bank and other Instagram accounts immediately.
- I filed a claim that my account had been hacked.
- I drafted a response to my hackers.
After realizing that these people had wiped out my account, I knew that I’d have to hear them out and buy some time. So I began a dialogue with them. I remained calm and professional, asking lots of questions. I asked for proof that my account was still up. They denied this numerous times. I asked them what they wanted. They responded with the obvious answer- money.
THE HACKERS WANTED ME TO SEND MONEY
Of course they wanted money. They had gone through all of that trouble to send emails out to business owners like myself, knowing full well that our livelihoods depended on our Instagram Accounts. They had scoped us out as vulnerable prey to their cyber crimes and moved quickly to pin us into a corner. And they wanted $700.
I looked at my accounts and was already getting streams of text messages and alerts from friends who had noticed my account had vanished. One friend sent me these screenshots:
I knew that the longer I waited, the greater the risk for them to lose interest or move elsewhere to try and sell my account. I read SO many accounts online about bloggers who paid and then had the hackers return their accounts within hours. I also read about bloggers who never paid and lost their accounts for good. And of course, there are tons of accounts with stories across the board. Some girls had luck getting their accounts restored through IG Support and others through a personal contact at Facebook. The one thing that set my situation apart from most of these stories was that my account seemed to already be fully DELETED. When I submitted a form through Facebook OR Instagram, both channels concluded that my account had either been fully deleted or that it was an issue they couldn’t address. I was hitting dead ends at every recommended step I took.
So after hours of this, plus back and forth and negotiation with the hackers, I PAID THEM.
WHY I PAID THE HACKERS
I paid them because this is my life you guys. This is my rent and my food and my security. Lavenda’s Closet is the clothes on my daughter’s back and my entire livelihood; my career, full time job and way to make a living. So I paid them $465 via MoneyGram. And you know what? I’m pretty sure that was a mistake.
Here’s a picture of my account before it was hacked. When it was at the full 236,000 followers and included 4 years of blogging photos, plus a couple years of personal life. 6 Years total.
I think it was a mistake, because after further investigation I found out that if, and this is a HUGE “IF”, you can get someone to help restore your account, the chances are incredibly slim that the hackers will delete it. If you follow the steps that I did within these first two hours, revoking their access and locking them out, your account will still exist online. And even if they hack their way back in, your account is MORE VALUABLE with all the followers and history intact than a truly deleted account. There’s an entire market out there for high-follower, pre-built accounts. A black market where you can buy someone’s life work and claim it as your own essentially.
The terrifying part is that IF YOU CAN’T FIND SOMEONE TO HELP on a personal level, your account could also be lost forever. Which I can’t say for certain hasn’t happened to mine. I don’t know if I’ll get my account back yet. 6 years of my life and over 4 years of my business that I built from the ground up… I have some wonderful people helping behind the scenes to see if they can get it in the VIP line amongst thousands of hacked accounts, to see if Instagram will restore it with the information we’ve tracked down.
WHY YOU NEED A PERSONAL CONTACT TO MAKE THE CLAIM
The resounding consensus from all the forums, groups and blog posts is to find a personal contact at Facebook or Instagram to help restore your account. Instagram has a terrible, automated support system set up that continued to pull me around in circles after 3, 4 and then 5 attempts. They told me my account was deleted, then when I provided proof that my account was still online, but disabled, they claimed that they could not help me. They sent me down another rabbit hole that led to one more dead-end. If you don’t have someone willing to manually look through and verify your information, someone to input exactly what the system needs in order to recognize YOUR SPECIFIC ACCOUNT, you’ll never get it restored. The system can only detect what it can detect, you know?
Below is a preview of an ACTIVE ad that proves my account is still online, but when walking through the automated process, this is not taken into consideration…
This is why I took to Facebook and Instagram to crowd-source some help. I knew that someone I knew probably knew someone else who knew someone at Facebook, ha! And sure enough. Just today, I’ve had a couple of people reach out and offer to personally help with my account. This is tough, because you can’t just ask another blogger for their “contact”. I’m sure these people are flooded with inquiries all the time. So instead of knocking on individual doors, I simply told my story online and asked for people to share my plight in hopes that someone would be inspired to help of their own accord.
LEARN FROM MY MISTAKE PLEASE!
After I paid, the hacker who stole my account stopped responding to me. He picked up his money, likely realized he was locked out and then shut down shop. Or maybe he never intended to return it in the first place. His name, by the way, is Anatoly Hanin and he’s running his hacker-business from the Ukraine. I know this, because after realizing a Bitcoin payment would take days to execute, he requested a MoneyGram and MoneyGram requires this vital information.
It’s only been about 36 hours since the original hack, yet I already have so much peace about the situation. My heart aches for Anatoly and the reality of his life: prowling the internet, stealing from the innocent and extorting them for a quick cash-out. That existence sounds terrible, lonely and sad. While I’m not sure what the next few days, weeks and maybe years may hold for me at this point, I’m so grateful to God for surrounding me with a wonderful community, a God-sent partner (Love You Luke) and beautiful family. I have everything that’s important right here and no one can steal that away with a phishing link. No one.
UPDATE: To Get Your Account Back READ MY NEW BLOG POST