Yes, but probably not how you’d expect. When people think of hacking, they typically envision shady characters sitting in a dark room behind a computer engineering large-scale heist. Instagram hackers operate totally differently.

Hi, I’m Aaron. I’ve worked in information security for the better part of two decades. I help protect people and businesses daily against all sorts of hacking. 

In this article, I’ll explain how you can get hacked through Instagram and what you can do to protect yourself. 

Key Takeaways

  • Your computer is unlikely to be directly hacked through Instagram DMs.
  • Instead, you’re likely to be hacked through social engineering, which hacks you directly. 
  • Knowing what to look for in social engineering attacks is critical. 
  • You can defend yourself by employing smart internet usage tips. 
  • The safest way to defend yourself is not to engage; ignore DMs you don’t expect or seem suspicious. 

How You Get Hacked Through Instagram

It’s very unlikely you’ll be directly hacked through Instagram DMs. Instagram isn’t designed to allow remote execution of malicious code. That means someone can’t send a file that automatically launches on your device and do something you don’t want. 

There are a couple of reasons for that. First, you may be using a PC, a Mac, Android or iOS device. All those devices use different Operating Systems which work differently and run software differently. So a virus or other malicious content written usually won’t work for Android and vice versa. 

Second, Instagram itself won’t execute code, meaning that it won’t run a program or app without human intervention. You can’t even send a file type other than voice, video, or images. Other files must be sent via web links. So if you don’t open a link sent to you, then malicious content won’t run on your device. 

Typically, when you get hacked through Instagram DM, you’re being hacked via a technique called social engineering. Instead of hacking your computer, social engineering hacks you!

Social engineering takes advantage of a few innate elements of human psychology. The hacker creates a trust relationship with you and uses that to deliver a virus to your device or demand information or money from you. If they do so subtly, the relationship may seem completely natural.

Instagram DMs help create that trust relationship. They’re a personal conversation on a one-to-one basis designed to build a friendship or more. People use Instagram DMs with that expectation, making the establishment of trust that much more likely. 

Once a hacker has your trust, they’ll ask for money, information, or try to entice you to buy something. They may also send a link that contains a file with a virus that will infect your computer. At that point, you’re unlikely to question the hacker’s motives, making their hack successful. 

How to Protect Yourself from Social Engineering

Social engineering is very difficult to distinguish from a legitimate conversation. It’s even more difficult to distinguish on Instagram than other communication methods, like email, because there’s no identity validation service. Anyone can pretend they’re from a business or pretend they’re an entirely different person. 

Here are some tips to avoid social engineering hacks on Instagram…

1. Avoid Suspicious DMs

Did you get a DM out of the blue? Does it look like a bot? If you didn’t expect to get a DM and you’re uncertain about one you did receive, don’t engage. Remember: you can always ignore or delete a DM if you don’t want to respond. 

This also applies to outreach from influencers, people with popularity on Instagram who are trying to sell you a product or idea. That may be very subtle. Instagram, like other social media sites, is designed to feed you content you’re likely to engage with. You may receive DMs from creators who create that content for the purpose of selling you a product or idea. 

You should also…

2. Never Click Links

If someone’s sends you a link, they’re trying to get you off Instagram. That may be to visit phishing website designed to harvest your personal information, download a file that may contain malicious content, or sell you on goods and ideas. 

If you’re engaging on Instagram, then you’re safer than engaging off Instagram. Keep your engagement on Instagram and you limit potential methods of hacking to social engineering. 

You may also want to…

3. Try to Verify Identity

If a company reaches out to you on Instagram through DMs, verify that the account is legitimate. Try to engage on other social media platforms with the company. You can also call or email the company on publicly available numbers or addresses. 

If an influencer or other person reaches out to you out of the blue, you can try to reverse image search them on Bing or Google. Doing so may reveal a different Instagram account name or may show the person you’re talking to isn’t who they claim to be. 


Here are some answers to frequently asked questions related to being hacked through your Instagram DMs. 

Can Someone Hack My Account if I DM Them?

Yes! Social engineering takes many forms and someone may use it to obtain your account information. That would allow them to access your account without your permission, effectively hacking it. 

Is It Safe to Accept Message Requests on Instagram?

Sure! Just because you accept a message request doesn’t mean that you’re giving any additional access to the content you post on Instagram. It does, however, open you to social engineering if you engage with the person. 

Is Instagram Safe for Private Messages?

According to Instagram/Meta private messages on Instagram are encrypted end-to-end. Meta retains copies of messages and has disclosed those to law enforcement and government agencies without notice. You’re also at increased risk of social engineering attack.


Instagram DMs are a great way to engage with other Instagram users. They’re not without peril, though. Like other social media platforms, Instagram DMs can be used to hack you through social engineering. Cautious use, however, is a great defense to potential hacking. 

Have you received suspicious Instagram DMs? Let me know about your experience in the comments below!