I’m the owner of two small galleries which sell 20th-century ceramics and artworks. One of the ways we’ve become known is through Instagram. We’ve got almost 50,000 followers and sell a lot of work through there.
In May, I was away for the weekend with friends in Somerset. On Saturday morning, I saw an email in our shared work account (purporting to be) from Instagram. It was congratulating us for getting a blue tick — verification that confirms the account is an ‘authentic presence’.
Thrilled, I clicked the link in the email to confirm. It took me to an official-looking Instagram page where I entered our login details. I was then met with a landing page thanking me for confirming our account’s status.
I thought nothing of it. But that evening, I received an email from Instagram saying someone had logged into our account from an unrecognised computer. Shortly afterwards, another email arrived saying the registered email address associated with the account had been changed. Then another appeared saying the username had been changed.
I tried logging into Instagram but couldn’t. Panicking, I started searching for our Instagram page. Nothing came up. I frantically messaged colleagues, hoping one of them might have done it. Slowly, however, it dawned on me that the account’s disappearance was related to the blue tick email.
Then a message appeared from a ‘Joh Courtney’. The subject line was explicit: ‘Instagram account hacked.’ The message read, ‘We have seized control of your Instagram account. It will be deleted within two hours if you do not reply to this email. We require $1,000 to grant you your account back.’
After trying — and failing — to contact Instagram, I decided we couldn’t afford not to pay.