{"id":11264,"date":"2020-10-20T12:40:15","date_gmt":"2020-10-20T11:40:15","guid":{"rendered":"https:\/\/www.museums.cam.ac.uk\/blog\/?p=11264"},"modified":"2020-10-20T12:43:47","modified_gmt":"2020-10-20T11:43:47","slug":"instaphish-do-you-crave-that-blue-tick","status":"publish","type":"post","link":"https:\/\/www.museums.cam.ac.uk\/blog\/2020\/10\/20\/instaphish-do-you-crave-that-blue-tick\/","title":{"rendered":"InstaPhish: Do you crave that blue tick?"},"content":{"rendered":"<h2><span style=\"font-weight: 400;\">On Friday 9 October, the Fitzwilliam Museum unfortunately fell prey to a simple phishing technique that caused the loss of their Instagram account.\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">This post is to explain what happened and to help our colleagues within the sector and elsewhere to avoid the heartache that follows such an event.\u00a0<\/span><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Last Fri we were devastated to lose our Instagram account. We were targeted by a sophisticated hacking technique which means that years of content have been deleted &amp; our followers lost. Lessons have been learned &amp; we\u2019re revising internal procedures for social media activity 1\/2 <a href=\"https:\/\/t.co\/WKT2z8vcy9\">pic.twitter.com\/WKT2z8vcy9<\/a><\/p>\n<p>\u2014 Fitzwilliam Museum (@FitzMuseum_UK) <a href=\"https:\/\/twitter.com\/FitzMuseum_UK\/status\/1317117339696041984?ref_src=twsrc%5Etfw\">October 16, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><b><\/b><\/p>\n<h3>So what happened?<\/h3>\n<p><span style=\"font-weight: 400;\">Our social media team had for a long time been hoping to get verification for their social media presence. The Fitzwilliam Museum, like many of our peers, is a recognisable brand in the sector and veracity and validation of our content is something we all crave. 
Late on a Friday night, a direct message appeared in the account inbox, purportedly from Facebook, offering a verified account in exchange for account details &#8211; user name, password etc. These were handed over in the web form that was linked to from the post.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Within minutes, the phisher had bypassed two-factor authentication and deleted the account. As the scam was perpetrated late at night, the security emails asking if we\u2019d removed our phone and changed our password were missed.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Now remember, this can happen to anyone: staff are tired, the burden of running social media is usually on one or two individuals, and mistakes happen.\u00a0<\/span><\/p>\n<h3>So what have we done since?<\/h3>\n<p><span style=\"font-weight: 400;\">Since the phishing event, we\u2019ve contacted Instagram via the phishing email and tried various other means, as detailed in their knowledge base, to see if we can obtain aid to resurrect our account. So far we have been unable to get any traction. Their help and various articles indicate that the deletion is irreversible.\u00a0<\/span><\/p>\n<h3>How can you avoid this happening to you?<\/h3>\n<p><span style=\"font-weight: 400;\">The stress of this type of cyber attack can be acutely felt by the team members responsible. 
To mitigate these attacks, try the following:<\/span><\/p>\n<ol>\n<li><span style=\"font-weight: 400;\">Turn on <\/span><a href=\"https:\/\/help.instagram.com\/566810106808145\"><span style=\"font-weight: 400;\">two-factor authentication<\/span><\/a><span style=\"font-weight: 400;\"> on your social media accounts<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Use a shared institutional email and not a personal one for your accounts<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Ask your IT team to have robust anti-phishing software scanning your email<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Instigate house rules (see, for example, the British Museum&#8217;s <a href=\"https:\/\/www.britishmuseum.org\/terms-use\/social-media-code-conduct\">code of conduct<\/a>) <\/span><span style=\"font-weight: 400;\">and perhaps do not respond to direct messages on social platforms outside core work hours.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">If an offer sounds too good to be true, believe the old adage and maybe ask a colleague\u2019s opinion or Google the message. 
Someone else has usually seen it.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Use the team working features of packages like <\/span><a href=\"https:\/\/help.twitter.com\/en\/using-twitter\/tweetdeck-teams\"><span style=\"font-weight: 400;\">TweetDeck<\/span><\/a><span style=\"font-weight: 400;\"> so you don\u2019t share passwords for accounts.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Back up your content frequently or, if you are technically minded, run scripts to mine your feeds at regular intervals:<\/span>\n<ol>\n<li style=\"font-weight: 400;\"><a href=\"https:\/\/help.twitter.com\/en\/managing-your-account\/how-to-download-your-twitter-archive\"><span style=\"font-weight: 400;\">Twitter download your data<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\"><a href=\"https:\/\/help.instagram.com\/contact\/163695614321277\"><span style=\"font-weight: 400;\">Instagram download your data<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\"><a href=\"https:\/\/www.facebook.com\/help\/466076673571942\"><span style=\"font-weight: 400;\">Facebook download your data<\/span><\/a><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">We hope that this post is helpful to you, and that you all remain free of cyber attacks. 
If it\u2019s happened to you, remember you\u2019re not alone and the community you build will help you return.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Thank you for all the support you have given us since we announced the loss of our account.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Friday 9 October, the Fitzwilliam Museum unfortunately fell prey to a simple phishing technique that caused the loss of their Instagram account.\u00a0 This post is to explain what happened and to help our colleagues within the sector and elsewhere to avoid the heartache that follows such an event.\u00a0 Last Fri we were devastated to lose our Instagram account. We&#8230; <a href=\"https:\/\/www.museums.cam.ac.uk\/blog\/2020\/10\/20\/instaphish-do-you-crave-that-blue-tick\/\" class=\"excerpt-more hide-for-medium\">Read full article<\/a><\/p>\n","protected":false},"author":10,"featured_media":9728,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[369,156],"tags":[368],"coauthors":[376],"class_list":["post-11264","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-museum-life","category-the-fitzwilliam-museum","tag-digital"],"acf":[],"aioseo_notices":[],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/posts\/11264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/comments?post=11264"}],"version-
history":[{"count":2,"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/posts\/11264\/revisions"}],"predecessor-version":[{"id":11268,"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/posts\/11264\/revisions\/11268"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/media\/9728"}],"wp:attachment":[{"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/media?parent=11264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/categories?post=11264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/tags?post=11264"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.museums.cam.ac.uk\/blog\/wp-json\/wp\/v2\/coauthors?post=11264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}