Hackers are Stealing Top Instagram Accounts
By: Taylor Lorenz, The Atlantic
In early October, a publicist received an irresistible message via email. The publicist’s client is a top “influencer”—someone who leverages a social-media following to exert influence and, usually, make money, often by selling sponsored posts. “We would be extremely interested in a business partnership,” a man calling himself “Joshua Brooks,” wrote. His pitch was eye-popping: He was offering “80 Thousand US Dollars” for a single picture. Yes, Influencer Accounts Being Stolen by Hackers.
The publicist hastily agreed. Brooks, who claimed to have worked with other internet stars including Bella Thorne, Amanda Cerny, and Jake Paul, said that to get started, the influencer would simply need to log in to a third-party Instagram analytics tool, Iconosquare—a common request; many brands use tools such as Iconosquare to track the success of their influencer campaigns.
But the link Brooks sent wasn’t to iconosquare.com—it was to lconosquare.biz, a cloned version of the site set up for phishing. Once the influencer logged in with the Instagram username and password, Brooks seized control of the account. Within minutes, he was spamming the influencer’s millions of followers with offers for a free iPhone.
Brooks has targeted several YouTubers, Instagram stars, and meme pages and used the stolen pages to promote scammy-looking apps and fake offers for free products. In the past month alone, he has seized @Fact, with 7.2 million followers; @Chorus, with 10.1 million; and @SnoopSlimes, with 1.9 million. After the accounts are seized, the hackers update the account’s bio to say “managed by SCL Media” and begin reaching out to brands via direct message, telling them to negotiate sponsored-content deals with SCL, not with the previous account holder, going forward.
According to its website, SCL Media is “a tech-media company building content brands for multicultural and niche audiences.” Its website lists clients including Netflix, Microsoft, and Comedy Central. But representatives from all three companies said they have no affiliation with SCL Media, nor have they worked with the company in the past.
Read: Stealing Social Media
The influencer-marketing industry has exploded over the past several years. According to a 2017 study by Influencer Marketing Hub, 420 new influencer-marketing agencies opened in 2017 alone, more than double the amount that opened in 2015. “We’ve seen the industry go from a rising marketing tactic to an essential part of most marketing budgets,” one executive wrote in Adweek. Analysts estimate it’s currently worth more than $2 billion and could reach up to $10 billion by 2020.
But this very lucrative, very new market still lacks critical infrastructure. There’s no standard method of communication, no formalized negotiation process, and, often, no paperwork. Rates can range widely from brand to brand and are often hashed out entirely via direct message. And because sponsored-content deals typically happen beyond Instagram’s official advertising mechanisms, the company is all but powerless to stop scams.
Eric Toda, the head of marketing at Hill City, a Gap brand, said that the influencer industry right now is like the Wild West. “You see a lot of people selling snake oil,” he said, “because the market is so saturated.”
Influencers as young as 13 are entering into brand deals with zero experience in negotiating high-value business partnerships. It’s all too easy for a scammer to entice them with the promise of a big paycheck, then hack their accounts or escape without paying. “It’s an underground world, and what a lot of people are doing is representing themselves as Insta experts when they’re hackers and scammers,” explained Lisa Navarro, the founder of Espire, a digital marketing agency that works with influencers. “They’re stealing accounts from children.”
Ruvim Achapovskiy, the founder of Social Bomb, a social-marketing agency in Seattle, said he’s seen branded-content scams increase sharply over the past year. They’ve also gotten more sophisticated. Hackers sometimes create their own fake brands to phish influencers, but often they pretend to be representatives from real companies. “They’ll set up some sort of username that’s something that seems like it would be legit, like @LuluLemonAmbassadors,” Achapovskiy said. “They’ll use all the company logos, make it seem as legit as possible, make the bio seem normal, use the company’s mission statement. It’s super simple.”
Once hackers gain control of an influencer’s account, said Moritz von Contzen, the founder of the Dutch social-media agency Avenik, they’ll often hop into the account’s direct messages and begin spamming other influencers with the same phishing links, before the hacked influencer even knows what’s happening.
Von Contzen said he sees this scam play out over and over again. He even fell for it once.
A year and a half ago, von Contzen was running a luxury-lifestyle-themed Instagram account with nearly 300,000 followers when someone reached out about a collaboration opportunity with several brands, some of which were well known for reaching out to influencers directly. “I was super young and inexperienced, so I was really excited,” von Contzen said. He logged in to the Instagram analytics tool the “brand representative” had provided. “It all looked legit. But as soon as I logged in and gave my password, I went back into my Instagram and bam—my Instagram was gone, and that was that.”
For young influencers with no direct contacts at Instagram or Facebook, it can be nearly impossible to retrieve a stolen account. Hackers will change the contact email address and phone number, and reset the username so the account is impossible to find. Then they’ll run ads on it until they can sell the whole page off for a large price, sometimes for more than $100,000.
Faisal Shafique, a college student who Instagrams under the handle @Fact, said he earns roughly $300,000 a year from posting sponsored content for brands like TikTok and Fashion Nova. When Brooks seized control of his account several weeks ago, it put those brand deals in jeopardy, potentially costing Shafique his livelihood. Shafique was able to retrieve his account before it was sold off, but he estimates that he would have lost a half a million-dollar property if he hadn’t.
Rachel Taton wasn’t so lucky. She began posting to an account called @BestScenes five years ago. By 2014, it had grown to become one of the largest meme pages on Instagram. Two years ago, she lost it to a hacker. Brooks’s particular scheme hadn’t taken hold yet, but she thinks someone obtained her password through other means. Throughout the years, she’s watched helplessly as her old account has changed owners, changed names, and run sponsored content for major brands. It’s now operating under the handle @FunStuff with 1.3 million followers.
“I realized how fast everything could be taken away from me,” Taton said. Shortly after her account was stolen, she quit the influencer game. “I realized that my priority should be focusing on a real job, something that can’t be taken away from me,” she said.
All the influencers I spoke to said brands have a responsibility to be more diligent about who they work with. Greg owns a network of Instagram pages with 50 million followers and asked to be referred to by a pseudonym to protect his clients. He said he’s seen several campaigns from mainstream brands running on pages that he knows to be stolen.
But, he added, the brands themselves likely don’t realize this. Many rely on third-party media-buying or advertising agencies to negotiate the terms of sponsored-content deals across the whole Instagram market. Sometimes a brand will vet particular pages, but Toda said that happens “very rarely.”