…And why I started new

If you want the TL:DR version, scroll to the parts in bold.

I first created my Instagram account around 2012 and my handle was @sandragarcia604 or something like that, before I changed it to @sandranomoto after getting married in 2016. Around 2020, I changed it to a business account so I could start running ads, and linked it to my Sandra Nomoto Books Facebook page.

Before I published my second book in 2022, I was at just under 900 followers. When my account was hacked in September 2024, I was at just over 2,800 followers. So not a top influencer over here, but I had made some money and gotten free products by doing brand collaborations as a micro-influencer.

A good number of that 1900 jump were vegan folks around the world who had likely heard/seen me on a podcast and/or bought my book.

How the hack happened

Even though the actual hack happened on Sunday, September 15, 2024, the reason it even happened was totally my fault. Around the weekend of September 6-8, I got a Facebook message from someone I had been in touch with via the Buy Nothing Sunset group. She had picked up a shelf from my mom before my mom had moved in 2023.

The message said something like “I’m in a Food Network cooking contest. Please vote for me!” with no link in the message, so I did nothing.

On Friday, September 13, I attended Creative Pulse’s talk with Executive Creative Director/CEO, and speaker Chris Do at UBC Robson Square. The line to get in was pretty long, so I started scrolling on my phone. That’s when I got the second message from this person asking me to vote for her again. So I said, “Sure. Send the link.”

I clicked on the link and got a prompt to log into Facebook. This wasn’t alarming because sometimes when you’re prompted to take an action on Facebook, the app doesn’t automatically pop up and you have to log into Facebook in a Safari browser. So I put in my login info and there was a very blank looking screen that came afterward that said “click this button to vote” and I think I clicked on it.

I did not think it was weird that there was no Food Network branding or anything on that blank page…I was in doom scroll mode mentally. Then I went into the event which was about 2 hours.

After I got out of the event, I noticed a 6-digit code had been sent to my phone. Uh oh, I thought to myself. Then I went into my email and got that message from Meta that says someone tried to log into my account, but couldn’t because I had 2-factor authentication set up. Crap! I thought to myself. They have my password and just tried to hack into my Facebook account! I’d better change my password soon as I get home.

So I did, and everything was fine on Facebook from then on. I thought to myself whether I should change my Instagram account too, but thought, what are the chances the same thing would happen there?

You know where this is going, and that brings me to my first lesson:

1. Set up 2-factor authentication (2FA) on the social media accounts that matter to you.

Sunday, September 15, I was at my dad’s to celebrate his birthday. As I was leaving, I saw another 6-digit code sent to my phone. Shit!

I got the email that confirmed someone had logged into my Instagram account and changed the login email address. While I don’t duplicate my passwords anywhere, the hacker (let’s call them H) most likely guessed correctly at my IG password based on my old Facebook password.

H also changed the username to @_sandranomoto, and the recovery phone number also associated with my account.

Account recovery attempt begins

Of course, I clicked the link in the email, which led to a non-working page. This was about 3:00pm (15:00) after getting home.

Instagram has account recovery steps. Some of them involve using your recovery email and phone number, which was useless in this case because the info had already been changed:

I clicked “Try another way” which normally has another set of steps involving taking a video of yourself, but they weren’t working for me—it just kept taking me back to the same Instagram help page.

When I got stuck here, I started looking for YouTube videos about IG account recovery, but they were all saying to take these same steps that didn’t work.

In the meantime, hubby came into my office and said, “I think your account’s been hacked.” Yes, I know! I’m working on it!

As you’ll see, the first fake post was a photo of hubs and I which I almost never post in my feed. The photo was taken from my Stories archive and then fake bank account balances were superimposed over the photo. The description bragged about me earning $50K in crypto thanks to a woman named Alice. If you went to that account (which has since been taken down), “she” had about 10 followers.

After 4:00pm, I realized the best way to take action was to use my Facebook Business account to send a message to Meta. I also disconnected my Facebook business page from my Instagram account, in case H might access that account somehow.

After that, it was 4:30pm. I posted on Facebook and LinkedIn that I had been hacked on IG and told my friends and family not to engage with that account. A couple of my friends had liked that post and one (who has known me for almost 40 years) actually thought I had gotten rich from crypto. 😆

My colleague Justin Manning did an informational post on LinkedIn and sent me this message: “Someone messaged me saying they saw this post and specialize in account recovery if you want to be connected.” I told him to connect me even though I wasn’t planning on paying anyone to help me then. Justin also messaged a bunch of people on Instagram who had liked the post by H, telling them it wasn’t me.

Justin forwarded me Brandon Deboer‘s LinkedIn profile. I messaged Brandon to ask what he charges for account recovery. His response: “Our rate for a personal recovery is $1,000. And takes between 1-2 weeks, Normally solved within around a week.”

Sara (a fellow Filipina) at Meta Support emailed me that evening at 6:26pm asking if I was available for a phone call and video meeting in about 2 hours. I said yes, but it actually happened in about an hour, at 7:28pm.

On the video call via Webex, she saw that the account recovery steps weren’t working for me and said that unfortunately she couldn’t take any action on her end, so she had to escalate my case to the internal team. She said to expect a response in 24 to 48 hours, but that it might take longer.

I slept pretty well hearing that.

The next day, H was busy and created a carousel post that bragged about the new Range Rover I supposedly bought with all my cash from crypto, with the steering wheel on the right side instead of left.

I followed up by email 4 days later and got this response: “We just want to update you that our Internal Team is still looking into your concern closely and making sure everything is properly working before we do anything else further. We truly understand that we are not expecting for this kind of resolution, but rest assured, the Internal Team and I are doing our very best to provide an answer as soon as possible.“

Impersonation account emerges

Two weeks went by and I enjoyed my Instagram vacation until I saw H created a new account with my original handle @sandranomoto on Monday, September 30, 2024. That’s why they change your username right when they hack you! This account amassed 60 followers from folks who likely thought it was me getting my account back.

H used the same email and phone number and sent the same Food Network DM—that had fooled me on Facebook messenger—to a colleague.

So even though I’ll say you should try to get your account back within 2 weeks so an impersonation account doesn’t get created with your original name, this isn’t always possible. It very well might happen to you, so

2. It might be a good idea to create a new account and reserve your original username if you don’t want to lose it.

I emailed Sara with screenshots of the newly created fraud account, and got no response. I waited another week.

Monday, October 7 response from Loury, at 2:11pm:
We appreciate your continued response to let us know about the issue you were facing. I appreciate you sending us the information about the hacker created a new Instagram account. You can also report the account by following to these steps provided in the link below.
https://help.instagram.com/1291391774792379/?helpref=related_articles
I believe that our colleague was able to guide you through the steps that you need to take to have your issue sorted.
Furthermore, we would like to let you know that this support ticket is closed. For immediate assistance or urgent help, we encourage that you initiate a new chat for seamless interaction and since this may require real-time troubleshooting via chat to save time. We look forward to speaking with you.

So I opened a new support ticket via Facebook business and got the second email from Zack at 6:24pm:
I see you’re reaching out to us regarding a Case you had previously (Case ID: #####) for your compromised Instagram Account. I appreciate your continued efforts to keep track of this Case as our team works on your issue for you.
I have reviewed the previous Case and noticed that our previous Support has submitted a request on your behalf to have an investigation conducted on the Instagram Account. I would like to let you know that as of this moment, we are yet to receive an update from our Internal Team regarding the investigation.
What I can do is to submit a follow up on your behalf so we would know where we stand on the investigation process and you’ll can then be notified for any updates as well through your email.
We continue to appreciate your extended patience and understanding as our team works on this for you and be assured that we are moving towards our goal which is to regaining access to your Instagram Account.

That put me at ease, so I waited another month. During this time, @_sandranomoto was taken down, so that told me Meta was working on my case. I also spoke to a bunch of people who had had their Meta accounts hacked:

• One American colleague whose Facebook account was hacked was in correspondence with Meta for a year before they asked them to pay US$150 to retrieve the business account.
• A client in my area said they had to get an affidavid from a lawyer to prove their identity to get their Facebook account back. Not sure if this was a personal or business account.
• One colleague said both Facebook and Instagram business accounts were hacked, and they paid a “white hat hacker” to retrieve both. This had to be done quickly because their business is pretty much media-based and they have quite a big following on both accounts. When I asked if they had the contact person for this white hat hacker, they didn’t.

You should know that anytime you post on social media saying your account was hacked, you’re going to get a lot of folks putting emails (usually a gmail.com email), phone numbers, and websites saying they can help you recover your account. There is apparently an entire sub-industry of scammers besides the hackers trying to make money off you!

I didn’t find anyone who had a problem with just their IG business account and got their account back relatively easily.

I followed up with Meta on Thursday, November 7, and got this response:
Thank you for reaching out about case #####. This ticket has been closed, but you can receive support by submitting a new case at:
https://www.facebook.com/business/help?ref=cr
If you’d like us to keep troubleshooting the same issue, please include the case number ##### in the “Please let us know how we can assist” field when submitting a new case. We’ll be happy to pick up where we left off.

I wish I could send a screenshot of the support page that shows both of my support cases submitted via Facebook business were marked “Completed.” When I tried to send another message through support, it wouldn’t let me!

I then decided to pay someone to help retrieve my account for me. While I wasn’t in a rush to get back on IG, I couldn’t take down the fraud account @sandranomoto because I didn’t have a new account to prove that wasn’t me.

The month I was waiting for Meta to contact me, another fellow connected with me on LinkedIn. He supposedly helps people retrieve their Meta accounts. His story is that he sued and won a case against Facebook, and now he works for Instagram. He quoted me US$2000 for Instagram account recovery, and had zero LinkedIn testimonials.

On March 7, 2025 he asked me to remove mention of his name from this post and sent me this LinkedIn message:

I also messaged a bunch of people in my area who were 1st connections with this person to ask if they knew if he was a legit person, and no one could verify that. Another red flag that emerged about this person was that he commented on something I posted on LinkedIn about being hacked. Someone replied to that comment and said something like, “Stop scamming people,” and he replied, “Sshh.” 🚩🚩🚩

Since Brandon’s fee was cheaper than this guy’s hefty US$2000 fee, I decided to engage with Brandon. It’s worth mentioning both of them have a lot of social followers.

Paying for account recovery support

I messaged Brandon on LinkedIn on November 7 and asked him to send over an agreement. He asked to do a chat so he could learn everything that happened with my account, but I sent him my account and case numbers on November 8, so a call wasn’t necessary.

He then said the fee would be $1500. I asked him if he could do it for $1000, the original amount he quoted two months prior, and he said yes.

The first agreement he sent via Docuseal on November 13 had “Facebook account” on it, so he had to send another version. I also asked him if the work would include taking down the new @sandranomoto Instagram account, and he said that would be an additional fee, so I figured I could take care of that later once I had my account back.

I signed the agreement and submitted my info through his form on November 17. He didn’t send the invoice right away, so I had to ask for it on the 19th. His assistant/billing contact sent me their e-transfer email address and bank wire info.

Even though Brandon said he took credit card via LinkedIn DM awhile back, I had to choose either wire or e-transfer. And even though his company is Canadian, he charged me the equivalent of US$1000 in Canadian: $1,397.19.

I sent payment via e-transfer on the 19th. Someone incorrectly put in the password I sent, so the transfer failed and I did it again that same evening. Because it was my second attempt to send, Vancity flagged it and I had to call them on November 20 to release the funds. (Almost as if the universe was telling me I shouldn’t send this payment!)

Monday, January 6, 2025 was 47 days after paying LQ1 Media, so waited patiently for them to do their thing. The agreement I signed said: “In providing the Services under this Agreement if for any reason the Contractor isn’t successful after (45) Business days to render the service for the Client at that time the Client will be provided a refund for services not rendered.“

At some point while waiting, it occurred to me I should have asked for testimonials from people who had successfully had their social accounts recovered from LQ1 Media Inc. I went to the website and although they had social media account recovery listed as a service, the whole site had a fake look to it.

I came across this article but it was from 2023 and for a different service, so I hoped that if the story was true, maybe Brandon had cleaned up his act and was actually running a legit media company.

I messaged Brandon on Monday, January 6. No answer. I left a message on his cell phone on Wednesday, January 8 and received a text reply from his assistant who said, “Brandon is currently in the hospital recovering from surgery he underwent yesterday. He’s currently away from the office.”

Meanwhile, I searched and found Brandon had an Instagram account. That same day he posted a video that said, “I’ve been in hospital for the last couple months on and off. But I’m happy to say I’m making a speedy recovery since yesterday’s surgery, which, I’m really shocked. But before the surgery, I wasn’t able to leave the house or anything because of all the complications that I was having and the medications I was forced to take…I will be back to my normal self here probably within the next week or two, they’re saying. So any major calls we’ll leave until next week. Probably shoot for next Wednesday or Thursday…the fact that I’m even here, I can’t even tell you how much of a friggin’ miracle that is…“

So I gave him more time to get back to work and followed up again on Monday, January 20.

Another week went by and still no update. Brandon continued to post on Instagram about helping people recover their social media accounts.

I sent Brandon a final email (followed by a LinkedIn DM and text) on Monday, January 27, demanding he refund me by Sunday, February 2nd. I said what I would do if I did not receive my refund, which is go public in this blog post and on social media, report to the Better Business Bureau (does that do anything?), and contact all the consumer TV shows in Canada.

Hiring a lawyer to demand payment would have probably cost even more than what I was owed.

This was his DM reply:

LQ1 Media never seemed to operate or do anything without Brandon being “back at the office.” He was walking, driving, and talking on all his Instagram Stories, even saying he was thinking about travelling somewhere sunny.

I was frustrated that someone who was allegedly on medical leave didn’t set up an email autoresponder, have his team handle all client work while he was indisposed, or even alerted his clients that he was sick and that services would be delayed. He’s supposed to have run a digital media company for over 20 years.

A day later, Brandon changed his name on LinkedIn to “Brandon D.” and disconnected us.

The morning of Saturday, February 1st, Brandon sent a text and audio message saying would check on my stuff on Monday and “if for any reason [he was] advised it cannot be sorted” he would “be happy to approve a refund” and that it would take several days.

When I said I would go public Monday if I did not see the e-transfer come in by Sunday, he said that his “billing team” would send it on Monday. Then he blocked me completely on LinkedIn.

I received my refund on Monday February 3, along with a final audio message from Brandon. He said that because he was on medical leave and he was handling my case personally, his team was not able to. And that’s why I never got any updates via email.

That brings me to the next lesson:

3. Before you pay someone who promises they can recover your hacked social account, ask for testimonials, sign an agreement, and search the word “scam.”

Final attempt to contact Meta

Since the last full week of January had good astrological energy and the week of the Lunar New Year had a slower energy, I wanted to see if I could contact Meta again on Friday, January 24. Again, it wouldn’t let me send a message through my Facebook page account, so I clicked on my Facebook page’s ad account and got a prompt to start a chat.

The chat agent, Ryan, prompted me to get on a phone and subsequent video call, similar to what I did the night I was hacked. Ryan said he would call between 11:30 to 11:45am and when I responded, “Are you still going to call?” at around 12:15pm, the chat said a response might take another few hours. Luckily, I was staying home and didn’t have to hop into any meetings.

Ryan called at 12:50pm, and we did a video call via WebEx. When he saw that the initial Instagram account recovery steps didn’t work again, he told me to screenshot the page with the hacker’s email address.

He asked if I had another Instagram account I could log into, and I said yes, so I did that. He prompted me to click on “Report a problem” and the same circular help steps happened when I selected the hack option again. Finally, he said to click on “Report a problem” and use the option “Something else” and that’s when a text box popped up. I had never seen this option before!

Ryan told me exactly what to type, which explained that my (other) Instagram account was hacked, disabled, and that I’d like to retrieve it with my email address. He had me upload the screenshot I had taken, and hit “Send report.” We waited a few minutes for the message to arrive on his end, and he said that hopefully I would hear in two business days about my account.

He also confirmed my new case number, which is the reference ID that was first mentioned in our Facebook support chat.

When I asked if my other case numbers were still worth keeping, he said they would be carried forward to my new case number.

This brings me to the final lessons:

4. Use the “Report a problem” and “Something else” option on a different Instagram account if recovery steps don’t work for you.

If I’d known this step was available via Instagram and that using another account would help, I might not have used support via Facebook business, but I’m still glad I did.

5. The first step to recovering your account is disabling it. The second step is getting it back. Stay on support at least once every two weeks to keep your case active. 

I followed up with Meta the evening of February 2, roughly 10 days after I got a new case number. What you’ll see when you have an active case is that you can just hit the “Request an update” button and type in a message and send it. I never saw this option when I contacted Meta previously.

Sam then emailed a few hours later for clarification: “We got update that you need some more clarification regarding your issue. May I know on which part you need further assistance to resolve your concern. 
Once we receive the required information, we will be more than happy to continue assisting with your case.
I will keep this case open for you if you have any queries please respond to the same email, so we can help you further.“

So I replied to explain my account was already disabled and I just needed to get ownership back.

Response from Vishal: “We would request you to kindly allow us some time to check this issue for you and proceed further accordingly. We will revert back on the same email regarding any update of your case.“

On Monday, February 10, Meta support replied with the message: “We wanted to follow-up regarding case #####. Since we’ve not received any correspondence we’ll be closing out your case at this time. If you need further assistance and would like to reopen the case, please reply to this email as soon as possible.“

I replied to reopen the case and said I would do all the things the people I know with a hacked Facebook account did: pay a fee, send ID to prove I was who I was, and verify my Facebook company page (which I don’t really want to do but would pay for to get my account back). I also filled out the link to their survey and gave feedback as if I wasn’t getting my account back.

That evening, Ryan responded: “Facebook profiles are out of our scope, We do not have such tools to recover the Facebook profiles as we are from advertising team we only have limited options. Facebook never charge to recover the accounts, she might have paid to some spammer. Please follow this link for Facebook hacked profiles https://www.facebook.com/hacked
I implore you to wait for the final resolution. You will be notified directly in your Support Inbox/Email.“

I replied to reiterate AGAIN that I was looking to get my Instagram biz account back, not a Facebook profile. Apparently using my ad account to contact support went to a whole other department. Oy.

Ryan again on February 12: “Hope you are doing well! What do you see when you try to log in the Instagram @_sandranomoto Please share a screen shot. Feel free to reply to this email so I can assist you further.“

And Leo the same day: “This is Leo from the Meta Pro Team. Thank you for the information that you have provided us. We are aware that you are waiting for the resolution. The representative might get back to you soon if there is any information from the team that needs to be shared. 
We humbly ask for your continued patience and understanding. We are still following standard prioritization and Meta team members have been actively monitoring and reviewing these cases as quickly as possible.“

Final response from Meta

The hacker won this one. I got this email from Meta on Sunday, February 23:

I wonder if things might be different if I didn’t disconnect my Instagram account from my Facebook biz page.

Starting over again on Instagram

On Wednesday, January 29 (Lunar New Year), I had a fabulous intuitive business coaching session with Lindsay O’Donnell and talked about my hack situation. She said that I should not wait for Meta to get back on Instagram.

She said I might eventually get back my disabled account, but it’s almost as if my spirit guides intentionally cut me off from my IG account and want me to start anew and share more of myself vs. my business life, like a starfish losing an arm and growing a new one back.

I resonated a lot with that and started thinking about what I would share there vs. the business content I continue to share on LinkedIn. (Book a free call with Lindsay here if you’re interested and tell her I sent you!)

I started a fresh personal Instagram account on Friday, February 14 @therealsandranomoto and would like to get my old username back at some point, so if you feel like doing me a favour, please head to @sandranomoto and report this account as pretending to be me.

THANK YOU AND STAY SAFE ONLINE!