Compass Chicago broker and architect Nancy Gordon thought she was DM’ing a Seattle-based small business owner on Instagram on Feb. 7 when she clicked on a link — that she believed was to a product the owner was helping her find — and weeks of frustration ensued.
The message, which read, “Can I send you a link and you send it back to me.” — with a period, not a question mark — was not from the store owner, but from a hacker who had taken over the store owner’s Instagram account, and that same hacker quickly locked Gordon out of her own account too, CBS 2 Chicago reported.
Gordon first attempted to report the hack within the Instagram app to no avail, so she then emailed Instagram executives and the app’s accounting office, which she had paid numerous times for promoted posts. Two weeks later, Gordon has yet to receive any kind of communication from the company.
Nancy Gordon | Credit: Compass
“I have never, to this day, gotten a response from anyone,” Gordon told CBS 2.
Gordon told Inman directly that she had been trying to do several things at once when the DM exchange happened — like many real estate professionals tend to do — which likely made her more off-guard than she might have been normally.
“I was in the middle of ten things — rushing to an inspection, writing an offer, etc., and my attention was in so many different places,” Gordon said in an email. “I didn’t think much about it because I thought it was someone I knew. I had that tiny moment of ‘This is a little weird, why would she need the link back?’ but was distracted and just trying to get everything to everyone and not fall behind. So, kind of on auto-pilot, trying to race and get things crossed off the list, I just sent it back to her (him).”
That mistake ended up costing Gordon her account. In the two weeks since she was hacked, the hacker has also ripped off two of Gordon’s followers in a Bitcoin scheme through her hacked account, FancyHavenMaven, by using the exact same message that duped Gordon. The followers were scammed out of thousands of dollars.
Instagram’s PR team did not immediately respond to Inman’s request for comment.
“That there is zero help — and you can’t even report the problem — is there anything worse than that?” Gordon told CBS 2. “This person is going to have control of my page forever.”
Instagram is increasingly the social media platform of choice for real estate agents who want to promote their brand or listings. Gordon had spent countless hours developing an account with about 800 posts of listings and design tips and invested “plenty” of money for the platform to promote her posts, only to have it all go down the drain.
Gordon told CBS 2 that she was frustrated enough to want to leave the platform entirely, but felt she didn’t have the option to because it’s now an integral part of her business. Instead, she resorted to creating a new account, Chicago Haven Maven, and continues to warn her followers about hackers — especially since Instagram may not be there to help in the event that bad actors pop up.
“Knowing that the platform has that much power and how much money they make — for them to sit there and say we are working to create the safe space, but they are knowingly doing the absolute minimum — it couldn’t be more disconnected,” Gordon said.
Having gone through this experience, Gordon told Inman that her best advice to other agents for avoiding the ordeal she went through is to take a breath, slow down and be mindful with whatever task is at hand.
“We are naturally trying to keep up, get everything to everyone, keep people happy, not let anything fall between the cracks, and in that moment, I was vulnerable because my attention was in so many different places and this message came from someone (I thought) I knew,” Gordon said. “Slow down, it’s okay if people have to wait a bit. Don’t DM when you’re busy! … In those moments when your attention is in a million places, take a minute to reset, take a deep breath, get grounded and bring your attention back to yourself and what you are doing in the present moment.”
Gordon added that people sometimes assume that only very naïve or gullible individuals can get hacked, but it can happen to anyone under the right circumstances.
“I think we all have a picture in our minds that people who get hacked are not that smart, or a little gullible, and that’s just not always the case,” Gordon said. “When someone is posing as a person you think you know, you are automatically going to be a little more open and vulnerable. My old account doesn’t look hacked anymore and this guy is still actively using it to bait and try to scam people, and there’s nothing I can do about it.”
What to do if you get hacked
If you notice your account’s been hacked because you see account activity you don’t recognize, start by resetting your password via the login page on the app. If you receive a login reset link through your email or phone number, you can create a new password and then log in, which should kick the hacker out of your account.
If you don’t receive a link through one of these methods to create a new password, the hacker may have already also changed the email address and phone number associated with your account. In that case, you can follow steps on Instagram’s help page to have them send you a security code and verify your identity so you can get back into your account.
General tips to protect your Instagram account
- Start with a strong password (think random and long)
- Set up dual authentication
- Monitor your login activity under the app’s Security section
- Know which third-party apps have access to your account, disable their access and change your password if any of those apps experience a data breach
