New Account Takeover on Instagram
Attackers hijack newly created or recently active Instagram accounts through phishing, SIM swapping, and fake support portals, then use them to defraud the account holder's followers before the original owner can regain access.
Last reviewed: 1 June 2026
A newly created Instagram account — or one that has recently gained significant engagement — is a valuable target for takeover because the existing audience trusts the account owner. Once access is seized, the attacker can monetise the follower base through scam promotions, fake investment links, or direct money requests framed as emergencies.
Account takeover on Instagram often begins outside the platform: through a phishing email, a SIM swap attack, or a compromised third-party app that was granted access. The attacker then quickly changes the linked email, phone number, and password, locking the original owner out.
How this scam works on Instagram
A phishing message reaches the account holder via DM or email, claiming that their account is at risk of deletion for a policy violation and directing them to a fake Instagram login portal. Entering their credentials hands the attacker immediate control. The attacker changes the recovery email and phone number, then begins posting scam content or approaching followers with fraudulent financial offers.
SIM swap attacks involve a fraudster convincing a mobile carrier to transfer the victim's phone number to a new SIM. With control of the phone number, they trigger a password reset and take over the Instagram account, along with any other accounts using the same number for two-factor authentication.
Compromised third-party apps — editing tools, scheduling services, or analytics platforms — that have been granted Instagram API access can be used to revoke the original owner's session tokens, effectively locking them out while keeping the app's own access alive.
Common red flags
- Email or DM warning that your Instagram account violates community guidelines, with a link to 'appeal'
- Sudden inability to log in despite using the correct password
- Password reset SMS that you did not request
- Followers contacting you to ask about suspicious DMs or posts they have received from your account
- Notification that your linked email or phone number was changed without your action
- Third-party app recently granted access to your account that you do not remember authorising
How to protect yourself
- Enable two-factor authentication using an authenticator app rather than SMS wherever possible
- Audit and revoke access for all third-party apps in Instagram's security settings
- Use a unique, strong password for Instagram that is not shared with any other service
- Add a secondary email address to your Instagram account and keep it secure
- Contact your mobile carrier to add a SIM lock or PIN to prevent unauthorised porting
- Immediately use Instagram's official account recovery flow (not third-party sites) if you lose access
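The fake login portals described above rely on links that look official at a glance. The following check is an added example, not code from Instagram or from this page's author: it tests whether each link in a message really resolves to instagram.com. The allowlist (only the one domain this page names), the function names, and the sample message with its `.example` hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: trust only instagram.com, the one official domain named on this page.
OFFICIAL_DOMAINS = {"instagram.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def check_link(url):
    """Return (is_official, reason) for one link from an email or DM."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # https://instagram.com@other.example/ actually connects to other.example
        return False, "text before '@' hides the real host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised lookalike hostname"
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain; the leading dot matters.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    if any(d.split(".")[0] in host for d in OFFICIAL_DOMAINS):
        return False, "brand name used inside an unrelated domain"
    return False, "unrelated domain"


def scan_message(text):
    """Check every link found in a message body."""
    return [(u, *check_link(u)) for u in (m.rstrip(".,)") for m in URL_RE.findall(text))]


# Constructed sample message; the .example hosts are placeholders.
SAMPLE = (
    "Your account violates our guidelines. Appeal within 24h: "
    "https://instagram.com.appeal-form.example/login or "
    "https://instagram.com@login-help.example/appeal. "
    "Official recovery: https://www.instagram.com/hacked"
)

if __name__ == "__main__":
    for url, ok, reason in scan_message(SAMPLE):
        print("OK  " if ok else "FLAG", url, "-", reason)
```

A link that passes this check only confirms the destination host; it says nothing about whether the message that carried it is genuine.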
How to report it
- Use Instagram's 'Hacked accounts' help portal (instagram.com/hacked) to begin the official recovery process
- Report the takeover to your mobile carrier if a SIM swap is suspected
- File a report with your national cybercrime unit if financial loss resulted from the takeover
Frequently asked questions
Can I recover my Instagram account after a takeover?
Yes, in many cases. Use Instagram's official 'Get more help' flow on the login screen and follow the identity verification steps. Act quickly — the faster you initiate recovery, the less time the attacker has to change all recovery details. If recovery through the app fails, submit a support request through Meta's official help centre.