It Looked Like Instagram – Until It Hijacked My Life

Apple Ecosystem: A Personal Warning. I am currently the victim of identity theft and impersonation. Since April 23, 2025, I have made no collaborations, no outreach, and no new partnerships of any kind. My knowledge panel has been split, and multiple impersonators have surfaced across the internet — often mimicking my work, my branding, or my voice. Thank you to everyone who has shared screenshots of fake websites or flagged suspicious activity. Your vigilance means everything.

---

The App Looked Real — Until It Wasn’t

Like most people, I thought downloading Instagram and Facebook on a new device would be easy.

I opened the App Store — inside what I believed was the secure Apple ecosystem — searched, downloaded, and logged in. Everything looked normal — the icons, the screens, even the font.

But what I actually downloaded wasn’t the real app.

It was a spoofed version: a near-perfect copy meant to steal my credentials, hijack my sessions, and mirror my online activity — while I was none the wiser.

That’s how it started.

Then the Real Damage Began

Over the next few days, subtle things started happening:

• Settings that wouldn’t stay saved

• Logins that didn’t feel right

• Permissions I never granted

• Popups that looked official — but weren’t

• Accounts being accessed before I could even finish setup

Then it escalated. Some apps no longer had a sign-out button. Others wouldn’t delete. Folders showed data usage — but opened completely empty.

When I disconnected iCloud, the UI began glitching, with looping menus and vanishing buttons. Then the App Store started glitching.

After I shut down Game Center, the App Store interface broke entirely — with parts of it loading in code and Russian, blank icons, and corrupted listings.

It no longer felt like Apple. It felt like something trying to impersonate it.

System behavior changed. And despite switching accounts, networks, and even Apple devices — the same patterns followed me.

Digital Threat Detection: Your First Line of Defense Against iPhone Hijacking

If something feels off — it probably is. Whether it’s strange popups, login alerts you didn’t trigger, or apps acting weirdly — don’t dismiss it. Your instincts are your first cybersecurity tool.

You don’t need to be an expert. Just observant — and fast.

What to capture in real time:

• Fake login pages or weird redirects

• App behaviors that don’t match what you remember

• Language or UI changes (foreign text, blank buttons, or visual lag)

• Notification logs, ghost calls, or auto-launching apps

• System errors or “no sign out” bugs

Why it matters:

• Screenshots are evidence for cybersecurity experts

• Videos help build a timeline of events

• It supports DMCA takedowns, identity theft reports, and tech support requests

Even if your device is compromised, your documentation may help prove what really happened — especially when platforms fail to believe you.

This is how you begin to fight back against:

• spoofed iOS apps

• invisible spyware

• mobile device hijacking

11 DFU Restores — and the Hijack Still Persisted

Here’s what makes this even more alarming:

I didn’t just reset my phone once.

I performed 11 full DFU (Device Firmware Update) restores — Apple’s most complete reset method.

Each time, I followed official instructions. I wiped everything. I started fresh. I didn’t reuse backups. I even used new Apple IDs and phone numbers.

And still — the impersonation, tracking, and app hijacking returned.

Why?

Because this wasn’t an account issue.

It was a deep system compromise, likely re-injected via Apple Configurator 2 or an unauthorized mobile device management (MDM) profile I couldn’t even see.

If a DFU restore — the nuclear option — didn’t fix it,

you know you’re not dealing with a basic hack.

Apple Configurator 2 Abuse & Hidden MDM Profiles: The Cyberattack You Can’t See

Here’s something I never expected to say:

I was enrolled in someone else’s mobile device management profile — and I wasn’t the admin of my own phone.

This wasn’t visible in Settings or VPN/Device Management.

The tool used? Apple Configurator 2.

A legitimate tool — misused with malicious intent.

It allowed remote control over system behavior without my consent — including contacts, WiFi configurations, app permissions, and iCloud access.

I could see my contact list — but I was nested inside someone else’s infrastructure.

I had the illusion of access — but zero authority.

Even DFU restores didn’t fully break the connection.

That’s how deep the hijack went.

This wasn’t just identity theft.

This was impersonation through infrastructure.

And the most concerning part?

It mimicked Apple so well that Apple Store employees didn’t catch it — or worse, dismissed my concerns.

This Wasn’t a Glitch — It Was a Strategy

Looking back, it’s hard to believe how consistent and strange the behavior was. I didn’t realize how deeply things could go wrong, even inside something I trusted.

This wasn’t random, and it wasn’t a mistake. It was targeted. Layered. Sophisticated. 

The kind of attack that doesn’t just aim to steal your password — it wants persistent access, across apps, devices, and identities.

And when I tried to ask for help at the very store that sold me the phone, I was met with disbelief, gaslighting, or silence.

At the Apple Store Genius Bar, some employees seemed more concerned with guarding inventory than addressing the problem. A few openly implied I was trying to scam my way into a new device. I was told that a DFU restore should fix everything — and when it didn’t, I was treated like the issue was me.

I say this as someone who used to work at Apple — someone who knows how the ecosystem should behave when it’s clean, and how it shouldn’t. That made the experience all the more surreal.

Even within the Apple ecosystem — using only native apps and fresh Apple IDs — the impersonation and tracking continued.

To Anyone Reading This: You Are Not Crazy

If you’ve experienced things that didn’t make sense — like:

• Losing access to your real accounts

• Seeing messages you didn’t send

• Watching fake versions of your identity appear online

• Apps misbehaving in ways you can’t explain

• Passwords not working even though you know they’re correct

• Devices reacting to things you never touched

• Or feeling like your phone has a mind of its own

You are not paranoid. You are not imagining it. And you are definitely not alone.

What’s happening to you may not leave an obvious trail — that’s part of the design. These kinds of attacks are meant to feel like glitches. Meant to make you second-guess yourself. Meant to delay action by making you feel unsure, embarrassed, or even “crazy.”

I know — because it happened to me, too.

You’re not overreacting. You’re responding to something engineered to stay hidden. And the first step to protecting yourself is realizing:

It’s not just you.

A Note to All Creators, Bloggers, and Public Figures

If you publish, post, or speak online — you have a digital fingerprint. And that makes you a potential target. It doesn’t matter how small or large your audience is.

If someone wants to exploit your name, your brand, or your platform — they’ll try. Especially if you’re verified, visible, or trusted by your community. So protect your presence like it’s part of your identity — because it is.

Secure your accounts. Use hardware keys. Avoid reusing credentials. Keep documentation of what’s yours, and stay alert to anything that feels off.

Because sometimes, what looks like a technical issue… is actually someone trying to become you.

Stay sharp. Stay safe.

And never let anyone make you feel crazy for noticing the truth.

How to Stay Safer (Even If You’re Not Techy)

While I won’t share all the ways I’ve protected myself — because I’m still actively defending my identity — I will share this:

• Be cautious when setting up a new phone. Don’t rush through the steps.

• Avoid using “Sign In With” features until you’re sure the app and device are secure.

• Don’t assume an app is safe just because it appears in the App Store.

• Save screenshots of anything that feels strange. You may need them later.

And Again, Thank You to My Community

If you’ve received messages, invitations, brand requests, or pitches from anyone pretending to be me — they’re not me.

I have not initiated any public-facing content, collaborations, or business activity since April 23, 2025. If you see something, don’t engage — but do report and document it.

Your alerts help me track the impersonation. Your trust helps me keep going.

PSA:  I am the victim of identity theft and impersonation. Please be cautious of any online entity claiming to be me or represent me. 

I’m taking every step to recover and protect my identity — but until then, stay sharp, stay skeptical, and stay safe.

Want to Protect Yourself?

If this post resonated with you — you’re not alone.

Read my companion post: How I Woke Up to My Blog Being Hijacked and How to Protect Yours from Bad Actors

And subscribe to stay updated — in my next post, I’ll share how my entire Apple ecosystem — from iPhone to MacBook, and even my trusted WiFi network — was poisoned, and what you can do if it happens to you.

Your safety matters. So does your voice.

This Is Part 2 of My 5-Part Cybersecurity Series

After falling victim to identity theft, impersonation, and advanced digital hijacking, I began documenting what no one prepares you for — and how to protect yourself if it happens to you.

Each post builds on the last to uncover how modern threats can infiltrate your blog, your devices, your network — and even your identity.

Read the Full Series:

Part 1: How I Woke Up to My Blog Being Hijacked (And How to Protect Yours from Bad Actors) | What started as blog impersonation exposed deeper issues with digital platform trust, AI-generated clones, and account takeovers.

Part 2: It Looked Like Instagram — Until It Hijacked My Life | How a spoofed iOS app and Apple Configurator 2 gave someone else control of my iPhone — even after 11 DFU restores.

Part 3: How to Tell If Your WiFi Is Hacked (And What to Do About It) | A poisoned router. A spinning light. A drone overhead. Learn how smart homes get silently surveilled — and how to shut it down.

Part 4: Locked Out and Looping: What Happens When Big Tech Won’t Help You Reclaim Your Identity | What to do when account recovery fails, Apple IDs stay compromised, and your real name is no longer under your control.

Part 5: You Don’t Have to Go Viral to Be Vulnerable (Coming Soon) | Even without fame, you can become a target. Here’s what I’ve learned about long-term threat persistence, digital healing, and rebuilding trust in your own devices.

---

FAQ: Questions You Might Have After Reading This

Q1: Can Apple Configurator 2 really be used to hack someone’s iPhone?

A: Yes — when misused, Apple Configurator 2 becomes a powerful tool for unauthorized control. It’s designed for organizations to manage and supervise devices, but in the wrong hands, it can silently enroll your iPhone in a Mobile Device Management (MDM) profile without your knowledge.

Once supervised, the attacker can push fake settings, block features, monitor your device remotely, and even manipulate how apps behave — all while everything appears normal.

In my case, I wasn’t the true admin of my own phone. I could see my contact list, but I was actually inside someone else’s MDM environment. The supervision was hidden — not visible in standard Settings — and even DFU restores didn’t permanently break the connection.

Q2: What does it mean if Safari briefly opens when I install an app from the App Store?

A: That became one of the biggest red flags — and it’s incredibly easy to overlook.

Every time I downloaded certain apps, especially high-target ones like Instagram or Facebook, I noticed a pattern:

After the download, my phone would momentarily jump into Safari, then bounce back into the App Store or launch screen. It happened fast — just a blink.

What loaded next looked like the real app — but it wasn’t.

That unexpected Safari detour was a spoofing handoff — a possible sign that the download was intercepted, rerouted, or mirrored through a malicious proxy. It may have used MDM commands, custom configuration profiles, or poisoned network settings to inject a fake layer on top of a trusted experience.

The app would function just enough to feel normal, while silently siphoning data or maintaining backdoor access.

If you ever see Safari flash open during or immediately after installing an app — especially from the App Store — do not ignore it. It may be the only visible sign of a man-in-the-middle (MITM) attack or system-level compromise.

Q3: I already did a DFU restore — why does my phone still act like it’s hijacked?

A: I asked the same question — after 11 DFU restores, each with different Apple IDs, new phone numbers, and no backups.

What I learned is that DFU isn’t always enough.

If your device has been supervised through Apple Configurator 2 or enrolled in Apple’s Device Enrollment Program (DEP), it can re-enroll itself in MDM — even after a full wipe. That means the control structure stays in place, silently reinstalling supervision or poisoned settings during setup.

I followed every protocol:

New Apple IDs, new SIMs, clean setups — and yet, the impersonation, app hijacking, and strange system behavior returned.

That told me this wasn’t a bug or user error. It was infrastructure-level abuse, disguised to look like trusted Apple behavior.

---

Rights & Media Policy

This series and all content published on SincerelySusye.com are protected by copyright.

Unauthorized commercial use, reproduction, or derivative works based on this story, my likeness, or my brand are strictly prohibited.

SincerelySusye™ is the trademarked brand identity of Susye Weng-Reeder, LLC, and may not be used, reproduced without written permission. Impersonation in any form is prohibited.

All written content, brand language, and story material on this site are © Susye Weng-Reeder, LLC. All rights reserved.

For responsible press, media, or collaboration inquiries, please contact me directly via SincerelySusye.com.

I reserve the right to decline interviews or features that do not reflect the care, truth, or sensitivity this topic requires. Thank you for respecting the integrity of my story.

Licensing Terms

Unless explicitly stated otherwise, all original written content, images, and brand assets published on SincerelySusye.com are the intellectual property of Susye Weng-Reeder, LLC.

No portion of this site, including blog posts, visual content, or storyline material, maybe be copied, reproduced, distributed, or publicly republished beyond fair use, whether for commercial or public use without prior written permission.

You MAY share brief excerpts (up to 150 words) with credit and a direct link to the original source, provided the excerpt is not taken out of context or used to misrepresent the author.

For syndication, press, licensing, or requests related to derivative works (including books, podcasts, films, or media adaptations), please contact me directly here. 

Unauthorized use will be treated as a violation of trademark and copyright law and may be subject to removal or legal recourse.

This site is protected under U.S. copyright law and the Digital Millennium Copyright Act (DMCA).