A California woman who thought she was helping an old friend pay for a kidney transplant has been caught up in an Instagram hacking scheme with a nightmarish twist — criminals drained her bank account via Zelle and then forced her to make a hostage-style video endorsing a get-rich-quick scheme in an attempt to get some of it back.
I found her “hostage” video online, which was posted by an Instagram account containing hundreds of similar videos endorsing a scheme promising 1,000 percent% on investments; many seem to be coerced.
Makaylah Lervold wrote to me on Friday desperately seeking help getting a refund after her bank account was hacked and criminals sent themselves about $3,000 of her money. The hack followed a chain of events that began with an old friend reaching out over Instagram messages saying he’d finally found a kidney donor match after a four-year search. Lervold had met the sick friend several years ago at work, but hadn’t stayed in touch, though she was aware that he was indeed seeking a transplant. His search was public; I’ve been able to confirm it through local news coverage. Lervold said she messaged with the writer, whom she now knows was an imposter, and agreed to take a phone call from a hospital representative who would provide instructions on how to contribute.
She sent $1,000 to the caller’s account via Zelle, thinking it was a donation. Instead, the money was sent to a criminal’s account. The caller gleaned enough information — she asked for Lervold’s authentication codes — that the criminal or someone else was able to transfer nearly $3,000 more out of Lervold’s account through a series of additional Zelle transactions. Lervold provided a screenshot of those transactions to me. Then, using stolen credentials, someone hacked into Lervold’s Instagram account and locked her out. The criminal subsequently threatened Lervold with more financial crimes unless she produced a video endorsing an investment scheme.
“Hi everyone. It’s Makaylah,” she says in the video. “I’m just here. I want to let you know about a huge opportunity. I just invested $1,500 with [name removed] and she turned my $1,500 investment into $15,000. Don’t miss out on this opportunity. I’m so grateful. Thank you [name removed]. Hit her up. She will invest your money. And turn it into a huge profit. You won’t regret it.”
Other videos on the “investment” Instagram account page contain similar messages. The account has more than 1,500 followers and has made 1,700 posts, dating back well into last year.
Posing as an old acquaintance, I contacted the hijacked account that originally belonged to Lervold’s sick friend, offering congratulations for finding a kidney match. The response came quickly: “Thank you so much sweetheart and I was about to ask you if you’d be interested in making some extra money.” Then later in our exchange, the imposter wrote, “Can you help me out $300 until tomorrow morning. I was short on a bill…I’m actually at the hospital.”
That victim declined to respond to a request for an interview.
Joseph Cox at Motherboard reported last week on a victim who was also forced to make a hostage-style video after being coerced into a bogus bitcoin investment. It’s unclear if these incidents are related, but my concern is the compelling tactic of forced video endorsement.
Lervold said the experience was terrifying.
“I’m so distraught…it was really scary,” she said. They drained all the money that I had saved for my wedding in June. It’s devastating. … They forced me to make a video just like the last video they posted on my friend’s hacked account. … They said if I didn’t do it they would completely drain my account. It was the scariest situation I have ever been in.”
Worse yet, when she contacted me, the criminals were using Lervold’s hijacked account in an attempt to scam her friends, she said.
“Now they are trying to scam my friends and inviting people from my Instagram to our wedding and are asking for money,” Lervold said.
She provided me with screen grabs of a dialog between a friend and the hacker in which the criminal offers to invite the friend to the wedding…then tries to convince the friend to send in money for the investment scheme.
“Did you see my ad? I actually made $15k from the investment. I posted it,” the message from the criminal, posting as Lervold, says. “Was wondering if you’d like to tap in.”
Last week, I reported that there was a large increase in consumers reporting that their Instagram accounts had been attacked by hackers. This complex scheme…involving trusted friend relationships, and hopping from one hijacked account to another, armed with intimate knowledge of each hacked victim…shows why hacked Instagram attacks can fetch nearly $50 on the digital black market.
Lervold said she reported that her Instagram account had been hacked to Facebook late last week; she has not yet heard back from the company. On Facebook, she can be seen pleading for friends to unfollow her Instagram account and asking them to report it as fraudulent so they would not be deceived by her video.
Monday afternoon I reported her account to Facebook’s media relations deparment, along with the account hosting the hostage videos. Facebook has not yet returned my request for comment, but by Tuesday morning, Lervold’s account and the account hosting the hostage videos were both taken offline.
“Apparently each scam is different,” Lervold said. “They were messaging me already knowing I was (the kidney patient’s) friend. Which is why they knew I would donate. Other people they have used this investment scam saying they can turn a certain amount of money and turn it into a huge profit. Like the videos. You can turn $1,000 into $10,000. They took over my account and are asking people for money to help with my wedding. They must have read personal messages and are using that to get to my Instagram friends…the read back years in my messages.”
Eva Velasquez, CEO of the Identity Theft Resource Center, said her agency has been tracking the large increase in Instagram scams. She said she was very concerned about the hostage video trend.
“It’s a new twist on ransoms,” she said. “Instead of asking for money, they are asking for videos.”
Her message to the public: Don’t make coerced videos. Paying the “ransom” doesn’t work.
“Do not make these videos endorsing something to get your money back or your account back because it’s not going to happen, you’re not getting it back,” she warned. “Just walk away from the account.” Work through the social media companies to get account access restored she said, admittedly an “arduous process.”
She warned that victims would suffer even deeper emotional consequences than those who send money to criminals — because their accounts and their words can be used to scam friends.
“When you add a layer that you were an instrument of victimization involving people you know and love, who are part of your personal network. that just adds another layer of emotional grief,” she said.
Velasquez also reminded users never to share authentication credentials — including two-factor text message codes — with anyone.
I’ve decided that those SMS codes should no longer be used; it’s time that users switch to an authentication app for two-factor needs. There are too many stories about criminals accessing text messages through hacking or coercion.