SOUTHLAKE, Texas — A Southlake-area physical therapist who says Instagram and a heavy dose of online interactions helped build her business, never gave much thought to being an online ransom target.
A suspect, whom investigators believe targeted her all the way from Turkey, unfortunately, proved her wrong.
"You can be the target. You don't have to be special. I'm a pediatric PT page," Dr. Emily Heisey said of her Instagram. "I didn't think I was cool enough to get hacked."
Heisey's practice, KinActive Kids, specializes in pediatric physical therapy and chiropractic care.
This past weekend she said she received a direct message alerting her to a copyright problem with her page. The alert, from a legitimate looking Instagram/Meta page, told her to click on a link and enter her username and password again.
"So, I clicked on the link and I signed in, and within three minutes in real time saw my password my email and my contact phone number being changed. It was that quick," she said.
The hacker started changing her page, locked her out and demanded $1,000 to return control of it to her.
"We do have information on this individual that we will be forwarding to the proper authorities," said Andrew Sternke of Juris Disputes & Investigations, who worked with Heisey to recover control of the Instagram account.
But, when the hacker found out the doctor had sought help he grew more angry, making threats against Heisey's family and upping the ransom he sought to $10,000.
"It scared me, in that I had put so much stock into Instagram," Heisey said. "In three minutes for it to be taken away, yeah. Not only was I scared, I was upset. I couldn't believe that two and a half years of hard work could be taken away that quickly."
Cybersecurity experts, including an analysis by the company Cybersecurity Ventures, have predicted that attacks like this could grow 15% every year, costing companies $10.5 trillion each year by 2025.
"But as far as Dr. Emily's cybersecurity is concerned she is extremely protected right now," said Sternke.
Sternke won't say in detail how he restored Heisey's Instagram account and locked out the hacker, but he said everyone should be wary of phishing attempts like this, that openly ask for usernames and passwords. He advises people to sign up for two-factor authentication on social media accounts, get a password manager set up, and make sure all security updates on devices are current.
"This is something we can easily combat, just be educating others on the importance of this, understanding all this works," said Sternke.
Heisey said she initially reported the hack to Instagram/Facebook/Meta when it happened last weekend, but she has yet to get a response.