Instagram Security

<  Back to Fact Sheets
Instagram Security

Instagram allows individuals and businesses to share photos and videos with other users. Similar to Facebook or Twitter, everyone who creates an Instagram account has a profile and a newsfeed. Other users who follow you will see your posts in their own feed. Many users also link their Instagram account to their Facebook profile, so that they can share stories across both platforms. You can also create and link multiple Instagram accounts to each other and to Facebook. Given Instagram’s reach, messaging and advertising features, criminals can exploit these, making users susceptible to scams, identity theft and cybercrimes. By reviewing your security settings and being conscious of how you use Instagram you can mitigate these risks.

Quick Facts
  • IDCARE has seen a sharp increase in the number of clients seeking our help with Instagram account issues.
  • In 2021, IDCARE clients affected by Instagram account issues reported a total financial loss of over $4 million, with an average loss of $24,500 per affected individual. Total losses reported in the first half of 2022 have already reached $4 million.
  • The most common issues reported to IDCARE regarding Instagram accounts are:
  1. Account takeover (hacking)
  2. Responding to a post from a friend or business Instagram account that has been hacked, often leading to scams involving investments, grant applications or competitions
  3. Responding to an Instagram post or message about a competition or an investment opportunity
  4. Relationship scams that began on Instagram

Preventing Instagram account problems
  • Instagram’s Help Centre provides information on how to manage your privacy settings and improve your account security
  • Even if your account is private, don’t post information, photos or videos you wouldn’t want made public. 
  • Never post photos of your identity credentials, such as your driver licence or passport.
  • Always use strong and unique passwords, and consider using a password manager to store these. 
  • Never share your login information.
  • Turn on two-factor authentication
  • Be careful about allowing access to your account to third-party apps or websites.
  • Avoid clicking on links, even if they appear to be from a friend or business that you follow.
  • Keep backups of your posts if they are important to you or your business. 
  • Unfollow and block users that you don’t wish to interact with through Instagram. 
  • Disable geolocation on posts, tailored ads and others’ ability to tag you in photos.
  • If you meet someone through Instagram, be careful leaving the app to chat with them. Don’t send money or provide them with identity credentials.
  • Report suspected fraud or scam posts and profiles to Instagram.  

Detecting Instagram account problems

Common signs that there may be a problem with your Instagram account include:

  • You don’t have access to your account anymore despite using the right password.
  • Your account is leaving comments or sharing things that you haven’t posted.
  • Your account starts to follow people you don’t know and also like their images. 
  • There are images on your account which you know aren’t yours. 
  • Your account contact details, such as your email, has been changed.
  • Accounts linked to your Instagram profile are removed or added.
  • You responded to a message that you thought was from a friend or company you follow, perhaps regarding a competition or investment opportunity, only to later discover that their account had been taken over.
  • You or your followers see another Instagram account using the same name (personal or business) and some of your photos, logos or posts.
  • You do a reverse image search of one of your own photos and see it appears in a different Instagram account.  When you go to that account, you see that it is claiming to be you or your business.
Responding to Instagram account problems
  • Contact Instagram immediately if someone has gained access to your account, is impersonating your account, or has created in Instagram account impersonating you or your business.
  • Where possible, inform your friends, family and followers of any unauthorised access to your account.  This will reduce the risk that they will engage with the criminal now controlling your account.
  • If you are still able to access your account, Instagram advises that you confirm your email address and phone number are correct in the account settings, turn on 2FA, change your password and send yourself a password reset email, and remove any unauthorised linked accounts and access to your account from third party apps.
  • If you have stored your credit card or other payment details on your Instagram account or any linked accounts, contact the issuer immediately to cancel the card and/or payment account.
  • Notify the relevant document issuing organisations for any other credentials that may have been stored in your account.

For additional support or information, contact IDCARE by submitting a Get Help Form or call 1800 595 160 (Aus) or 0800 121 068 (NZ).


Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

  • IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. IDCARE is a not-for-profit and registered Australian charity.
  • The Services provided do not constitute legal advice. IDCARE recommends that you consult your own legal counsel in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
  • While every effort has been made to ensure the accuracy of the content provided, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
  • IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limited liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in the course of providing the Services.
  • If you would like to provide feedback please use our Feedback Form.


IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   

Get help

Submit a web request

Call Centre Icon


1800 595 160

Mon - Fri: 8am - 5pm AEST

QLD: 07 3555 5900
ACT & NSW: 02 8999 3356
VIC: 03 7018 2366
NT, SA & WA08 7078 7741

Call Centre Icon

call our NEW ZEALAND

0800 121 068

Mon - Fri: 10am - 7pm NZST

AKL: 09 884 4440