SALT LAKE CITY — Well-known contemporary figurative artists Rose Datoc Dall spent nine days in a race against hackers on Instagram after a simple screenshot gave them access to her account.

“A supposed artist asked, ‘Hey can you vote for me as an Instagram influencer?’ and I thought ‘OK, I’ll be nice,’ ” Dall said. “She said ‘I’m going to send you a text on your iPhone, not your DM, your iPhone and don’t click on it but please take a screen shot of it and send it to me.’ I thought that’s kind of weird but alright.”

Dall said she took a screen shot of the message sent to her phone and then text it back to the artist and within minutes found herself locked out of her account.

“They had changed my email, my phone number and I couldn’t respond fast enough to the email alerts.”

Dall posted immediately that she had been hacked on a secondary Instagram account and began changing passwords and setting up two factor authentication for her other online accounts. She then began to worry about all her followers and clients on Instagram that could become potential targets.

“It felt like my life was pulled out from under me because my Instagram, what it represents is my business account, it’s 11 years’ worth of followers that care about my artwork and clientele,” Dall said. “I was afraid they were going to go in and create a duplicate account and use my name and use my identity for their purposes.”

She reached out to Instagram multiple times but got no response. She emailed security at Instagram with a video explaining who she was and what happened and again, no response. She finally found help through videos on YouTube.

“What it turned out to be after reading tons and watching tons of Youtube videos, which is really the only place I found help, is that the screen shot with the link was a reset password link and somehow, even with a screen shot they could probably type in that URL and reset my password.”

After nine days and a lot of research, Dall was finally able to access her account, but it was a race against the hackers to see who could reset her email and password first.

“I sat there watching my inbox like a hawk with my desk top open and my phone open and the second that it got in, I hit that reset password link and went in and changed all my settings, changed back my email, my phone number, deactivated my two factor to kick them out, reinitiate it, then go in my Facebook to make sure they didn’t have a Facebook account attached to my Instagram account.”

Dall said she felt a huge relief when she successful and beat the hacker and recovered her account, but said she’s frustrated with the lack of communication from Instagram.

🔎 Unauthorized port scans
🔎 Mapped in realtime
🔎 Tweeted hourly
🔎 #cybersecurityhttps://t.co/85FSAuEhDV pic.twitter.com/AHIElZ8y3A

— @WhoIsScanningMe (@whoisscanningme) August 19, 2022

“It was probably one of the worst weeks of my life because I felt like I had no control and I had no help,” Dall said. “What I went through was a nightmare, I don’t want anybody to go through what I went through. This is serious, this is identity theft.”

Dall’s experience was a familiar one to cyber security expert Roderick Buhler, an associate professor at Salt Lake Community College.

“There was a bug in the software a few years ago in the app on your phone and it actually made it so the URL showed in the screen of your page so they can manually type it in and get to your page without having a log in,” Buhler said.

He said hackers are getting smarter and smarter and they’re targeting people through shared interests.
“These guys will disguise themselves any way they can and they’re very good at it. It’s very profitable,” Buhler said. “In the old days, years ago, you knew who the bad guys were, they looked like bad guys, they come to your door and they had to physically meet up with you. These days they come from anywhere.”

When it comes to online safety, Buhler teaches seven cyber security rules:

1. Freeze your credit
2. Start all communications
3. Keep your phone number private
4. Never use debit cards
5. Never, ever use public wifi
6. Use two-factor authentification
7. Create $tr0nq{P4zz!ds}

“Freeze your credit. It’s free. The government required that it’s free with the three major credit bureau,” Buhler said. “You want as many roadblocks as possible.”

Along with strong passwords, remember long is strong, another step to protecting your information online is through simply updating your apps.

“Updates for apps and software is usually bug fixes. And bug fixes are usually security holes. So whether its Windows or Mac or your phone make sure you get the updates,” Buhler said.

Buhler said SLCC is hosting a Cyber Bootcamp this fall and encourages anyone interested in learning more about cyber security and protecting themselves online to visit.