How to protect your Instagram account from phishing and scams
From Security Checkup to reporting tools, we’ve rounded up five key steps for everyone to help keep their account secure:
Account safety and helping our community keep their accounts secure is extremely important to us at Instagram. We have a number of tools in place to help people keep their Instagram accounts safe against phishing attacks and suspicious activity – and we’re always working to improve and update these security features to ensure that we remain a safe and welcoming community.
From Security Checkup to reporting tools, we’ve rounded up five key steps for everyone to help keep their account secure:
- Security Checkup: a new feature to help people keep their Instagram accounts secure. Security Checkup will guide people, whose accounts may have been hacked, through the steps needed to secure them. This includes checking login activity, reviewing profile information, confirming the accounts that share login information and updating account recovery contact information such as phone number or email.
- Enable two-factor authentication: We strongly recommend setting up two-factor authentication, which is a security feature that helps protect your Instagram account and your password. Having two-factor authentication means you’ll receive a notification or be asked to enter a special login code when someone tries logging into your account from a device we don’t recognize. Head to Security in your Settings and set this up in just a few taps, either using your phone number, or an authenticator app like Duo Mobile or Google Authentication.
- Enable Login Request: When you set up two-factor authentication on Instagram, you’ll receive an alert whenever someone tries to log in to your account from a device or web browser we don’t recognize. These alerts will tell you which device tried logging in and where it’s located. You can approve or deny the request immediately from your already logged in devices. You can also view the list of devices that have recently logged into your Instagram account at any time under “Settings,” “Security,” “Login Activity.” If you don’t recognize a recent login, you can log out of that location or device and let us know that the login wasn’t you.
- Update your phone number and email: Make sure that the email and phone numbers associated with your device are up to date. That way if something happens to your account, we can reach you. These steps let you recover your account even if your info has been changed by a hacker.
- Instagram will never send you a DM: Over the past few months, we’ve seen a rise in malicious accounts DMing people to try and access sensitive information like account passwords. They may tell you that your account is at risk of being banned, that you are violating our policies around intellectual property, or that your photos are being shared elsewhere. These messages are often scams and violate our policies. When we discover these kinds of scams, we take action against them, but we also encourage you to report the content and block the account. Remember: Instagram will never send you a DM. If Instagram ever wants to reach you about your account, we will do so via the ‘Emails from Instagram’ tab in your settings, which is the only place you will find direct and authentic communication from us on the app.
- Report content and accounts you find questionable: While we are always improving our technology to combat new trends and techniques that hackers and spammy accounts may use, you can also report individual pieces of content to us by tapping the three dots above a post, holding on a message, or by visiting an account and reporting directly from the profile.
For more information about our safety tools, visit our Help Center here.