A Vancouver small business owner’s Instagram account was recently taken over in a disturbing new scam where hackers gain access to a user’s account and attempt to defraud their contacts — all while posting about bitcoin mining.
Anita Sikma has designed custom jewellery pieces for the last 15 years, and Instagram was an important way for her to attract customers, showcase her portfolio, and interact with clients. It was incredibly stressful losing access to her account while watching the hacker try to impersonate her — and on top of it all, she says Instagram hasn’t done much to help.
“It’s just been a total nightmare,” she said. “This is my livelihood, and it’s been totally compromised.”
It all started Saturday morning when Sikma got a message from a friend in Toronto asking for help logging back into her Instagram account. Not knowing the friend’s account had been hacked, Sikma obliged.
A text came to Sikma’s phone from a five-digit number containing a link to ostensibly access an Instagram account. Sikma was told not to click but instead to screenshot the message and send it back to her friend over Instagram.
But then an email came from Instagram saying someone logged into her account in Toronto. She tried to say the login wasn’t her, but the hacker had already changed the email and phone number associated with both her personal and business accounts.
The hacker began posting about bitcoin mining, sharing photos of a $10,000 wallet balance and a Mercedes SUV. On stories, the hacker encouraged her followers to message third-party coaches to reap high returns of their own.
On top of the public posts, the hacker also direct-messaged many of her clients. They tried to get the clients to send money via wire transfer — ostensibly for one of Sikma’s rings. In one instance, they even told a client not to use Sikma’s e-transfer email they’d used for a previous purchase.
You know that bitcoin mining Instagram hack that’s going around? This is what goes on in the DMs:
Hacker impersonates this jewelry designer trying to defraud her clients out of hundreds pic.twitter.com/Ec05cgy5Pk
— Megan Devlin (@MegDevlinn) April 28, 2022
“It’s creepy … just knowing this person is messaging everybody on my contacts list, just picking up conversations that were left off with clientele and impersonating me asking for money. It’s just really scary because it’s also fraud.”
Daily Hive requested a comment from the hacker, but they did not reply. The accounts the hacker tagged in their stories are no longer active.
Instagram hacks leading to bitcoin scams are becoming more common, Canadian Anti-Fraud Centre spokesperson Jeff Horncastle told Daily Hive. The Instagram user typically receives a message from a friend asking for help resetting their password, and the suspect sends a reset link.
But when the victim clicks the link, it gives the suspect access to their Instagram account — which the hacker uses to lure their contacts into an investment scam.
The CAFC didn’t have a total for the number of times this fraud has been reported, but it did say investment scams had the highest reported dollar loss in 2021 — with victims losing a combined total of $164 million.
- You might also like:
- Vancouver-based rental platform adds bitcoin as payment form
- Crypto fraudsters have swindled British Columbians out of $3.5M this year
- Vancouver small business wants answers after Instagram ripped down their account
“The majority of the investment scam reports involve Canadians investing in cryptocurrency after seeing a deceptive advertisement. It typically involves victims downloading a trading platform and transferring cryptocurrency into their trading account,” Horncastle said. “In most cases, victims are not able to withdraw their funds. It is very likely that many of the trading platforms are fraudulent or controlled by fraudsters.”
The CAFC advised users to beware of deals that seem too good to be true, unsolicited messages, and people who communicate with a sense of urgency.
View this post on Instagram
As for Sikma, she resorted to starting a fresh account when multiple requests to Instagram’s Help Centre went nowhere. But things took a turn on Wednesday evening, when a Meta employee helped her regain access after Daily Hive got in touch with the company’s media relations department.
“I have a lot of cleaning up to do, over the last four days my hacker messaged thousands of people every hour and linked both accounts to hundreds of other scammers, blocking some of my dearest clientele,” Sikma wrote in a post on Thursday.
A spokesperson for Meta, the company that owns Instagram and Facebook, told Daily Hive it has “sophisticated measures” in place to stop hackers in their tracks before they gain access to users’ accounts as well as avenues for people to recover their accounts.
“We know we can do more here, and we’re working hard in both of these areas to stop bad actors before they cause harm, and to keep our community safe,” the spokesperson said.
The spokesperson did not answer questions about specific additional measures to combat fraud nor say how many accounts have been affected by scams such as this.
The Meta spokesperson encouraged users to use a strong password that’s not used for other online accounts, to revoke access to third-party apps, and to set up two-factor authentication.