If you’re a millennial who owns a smartphone, then chances are that you’ve downloaded the Instagram app to take and share photos with the people in your life. About 20 percent of people who use the Internet also use Instagram – 90 percent of them are under age 35 – and it’s quickly become one of the fastest-growing social media outlets since it was launched in 2010. An estimated 106.2 million people will use Instagram by 2018. Already, about 75 million people log on every day to check in with friends, upload photos of their lunch and post videos of their kids’ first steps.
Like Facebook, Instagram serves as a way to connect with those we care about and stay up to date on causes, celebrities and brands that we like. Unlike Facebook, the app is restricted to photos and videos, which makes it an easier target in many ways for cyber criminals. With an increase in popularity, Instagram has been the prime choice for hackers to steal photos, assume identities and carry out criminal behavior all without the original party ever knowing what happened. It’s called Instagram impersonating, and it’s a growing problem in a world of unlimited show-and-tell.
How and Why Doppelgangers are Born
Despite its prevalence among social media sites, Instagram has a surprisingly simple approach to security, one that lends itself to increased threat of black hatter tricks. Black hatters are cyber criminals. They typically operate under false identities to steal data for personal or monetary gain. On Instagram, people can “follow” you, meaning that they’re allowed to see all of your posts at any time, similar to the way that Twitter works. According to Instagram’s FAQ page:
We have adopted a follower model that means if you’re “public” on Instagram, anyone can subscribe to follow your photos. We do, however, have a special private option. In this mode, a user can make sure he/she must approve all follow requests before they go through.
By default, a user’s Instagram is public. Anyone with an account can access your images unless you change this setting. The company reiterates this fact in the next question about photo privacy, noting that all of your photos “are public by default.” Given the default setting that essentially grants unlimited access to your photos to anyone in the world who uses Instagram, it’s no surprise that black hatters can simply lift your pictures and create fake accounts.
It might be easy to understand how Instagram impersonation happens, but the more puzzling question is why. Instagram isn’t used the same way that Facebook is used. On Facebook, you can purchase ads, shop, send money to people and store intensely personal details like your birth date and credit card number. Instagram is a more specific social media platform, and there doesn’t seem to be a lot of monetary gain to creating fake accounts with cloned images. Still, it’s happened before, and it’s an increasingly creepy trend. There are a few reasons why a cyber criminal would steal someone’s Instagram identity:
- Fake followers: Instagram operates on a “follower” model, which means your friends, family and fans will “follow” your account to keep in touch. Impersonators might use this to their advantage, especially for Instagram accounts of famous people or brands. Through cloned accounts, they can generate more of a following, thereby allowing them to purchase fake likes and continue the cycle.
- To avoid spam filters: In an effort to reduce the amount of spam that you see on Instagram, the company puts spam filters in place to kick out robots and fake accounts. By copying your profile and posts verbatim, an Instagram impersonator could bypass those spam filters and gain access to the site.
- More serious identity theft: It’s not clear whether Instagram impersonation serves a larger purpose, but there’s no doubt that identity thieves will continue their game as long as the system allows it. Your Instagram doppelganger might just be using your photos as a black market ploy, or she might be preparing for a more serious threat, such as duping your followers into downloading malware.
- Long-term scams: New technology invites new ways to buck the system, and some black hatters use fledgling security features to test the waters. Instagram has only been around for six years, a drop in the bucket compared with the Internet as a whole. What seems like a creepy-but-harmless piracy issue now could morph into a long-term scam.
You may not find out about a cloned account. In cases that have been reported on the media so far, people who’ve been impersonated have only found out by accident or through confused friends and followers. There’s a good chance that your Instagram account could be infiltrated without your ever knowing, and while that’s scary enough to think about, the consequences are even worse.
Unfortunately, the legal precedent for Instagram impersonation is hazy at best. In August 2015, actor Derek Luke revealed that his Instagram account wasn’t actually his. Instead, it was being run by an imposter, and the account had attained 78,000 followers. Despite threats from the actor and his attorney, it wasn’t as cut-and-dried as it seemed at first. The Huffington Post asserted that Instagram impersonating might not actually be illegal, particularly if all the imposter does is post photos. Unless there’s actual criminal intent or action involved, then you may not be able to do much about a fake account in your name. Still, there are ways to oust an Instagram doppelganger and reduce your likelihood of getting cloned.
Instagram’s Security Features
A recent update to the Instagram layout may inadvertently encourage Instagram impersonation. The company plans on replacing the current model of chronological posts with one that’s based on algorithms. Facebook, the site’s parent company, has been doing this for months, allowing users to control what comes up in their feeds based on priority rather than the time it was posted. However, Instagram plans to generate a feed based on an internal algorithm instead of user preference. This lack of control led to an immediate outcry from celebrities and disgruntled users, but one issue that has yet to be addressed is security.
As mentioned earlier, it’s relatively easy for someone to steal your photos and create an account without your knowing. With a new algorithm-based model for posts, your friends may miss duplicate or questionable posts that would otherwise alert them to the fact that your account has been compromised. Identity thieves could go for months without being detected, and the amount of information that they could glean during that time might be devastating.
Even more puzzling, Instagram doesn’t follow up with users who have reported impersonation attempts. If you follow the company’s procedures for reporting abuse, all you’ll receive is a confirmation notice that your report went through. The only way to know for sure if the fraudulent account has been deactivated is to check on your own.
Instagram’s security features may not be as sophisticated as they could be, but the company takes great pains to ensure a smooth user experience. Unlike Facebook, Instagram allows users to report fraudulent accounts even if they don’t have access to the cloned account. The company also encourages users to take the following five steps in preventing unauthorized use:
- Choose a strong, multifaceted password. Avoid common words, pick a combination of letters and symbols, and change it up a couple times of year to keep it fresh.
- Keep the password to yourself. Don’t share your password with other people, including your friends. You should always maintain control over the one key that unlocks your social media account.
- Double-check your email accounts and other passwords. Because your email is tied with your Instagram account, make sure that it’s secured as well. Use different passwords for the app and your email, and change these up regularly.
- Don’t let the computer “remember” you. When you’re on a public computer or your friend’s device, don’t forget to log out once you’re done using Instagram. Also, uncheck the “remember me” box when prompted.
- Be judicious when it comes to third-party apps. Many apps require a connection with your email or social media accounts. Instead of risking your Instagram password falling into the wrong hands, create a separate email to use for third-party apps. If you do need to link your Instagram account with another app, read the terms of service carefully to see what you’re getting into first.
If your account is hacked or you’ve been impersonated, then there are steps that you can and should take according to Instagram’s policy on impersonation accounts or hacking. Essentially, you’ll fill out a report describing the incident. Instagram will verify your identity, and they should remove the fraudulent account, although how long it takes is left up in the air. It’s important to note that you can only report a violation on your own behalf. If you see a friend’s account and determine that it’s fake, then you should encourage your friend to take action. Instagram requires you to submit a copy of your government-issued I.D. if you want them to take action against a suspected fraudulent account. This policy ensures that you’re the real wronged party in this scenario.
Staying Private Behind the Lens
Like all social media platforms, Instagram lets you connect with people over shared interests. Unfortunately, there are quite a few loopholes in Instagram’s security setup that encourage impersonation. To prevent this from happening, take some precautions:
- Limit your posts. Instagram already prohibits certain types of posts, such as hateful or derogatory statements, nudity or illegal behavior, but take their guidelines a step further in the name of security. You don’t have to censor your thoughts, but limit how much information you share with the Internet in general, especially if your account is public. The less you share, the less data an imposter can use against you.
- Restrict access to those you trust. It’s a good idea to set your account to private, but not everyone has that luxury. Public figures and businesses, for instance, can’t limit their exposure. But you can as an individual. If you set your account to private, you’ll be able to approve followers, which can keep your sphere of influence under control.
Instagram has seen a significant increase in the number of users over the past year alone – over 100 million in 2015 – and it will most likely continue to grow as more people jump on board the photo-sharing bandwagon. To reduce your chances of becoming a victim of Instagram impersonating, use your account wisely, accept followers with care and limit how much of yourself you post online.