I’ve been around technology a long time. Long enough to know when something smells like crap. Long enough to know that when bad actors find an opening, they don’t knock — they walk right in and make themselves comfortable.

Yesterday afternoon, I found out someone opened an Instagram account impersonating me.

Not kind of impersonating me. Not a fan account. A straight-up imposter using the handle shimel.alan. That is not my Instagram name. Not even close. Brand new account. Zero history. Zero content. But already following about 85 people who follow me, and — here’s the part that should make everyone pause — 10 of those people followed the fake account back.

That’s how this starts. Quiet. Clean. No obvious red flags. No spam posts yet. Just enough credibility to slip through the cracks.

And before anyone says, “Well, nothing bad happened yet,” let me stop you right there. This is exactly how scams, social engineering, and identity abuse get traction. You don’t wait until the damage is done to call it a problem. If you do, you’ve already lost.

I did what any responsible, cyber-savvy person would do. I reached out directly to the ten people who followed the imposter and told them what was going on. Asked them to unfollow and block the account. I messaged the imposter themselves to let them know I was onto them and taking action. I posted a warning on my real Instagram account so my followers wouldn’t get fooled.

So far, the fake account hasn’t posted anything. I’m watching it like a hawk. But that’s not the point.

The point is what happened next — and this is where my blood really starts to boil.

I did what Meta tells us to do. I hit the Report button. I followed their flow. Click, click, click — straight into AI support hell.

Why are you reporting this account?

➡️ Impersonation.

Who is being impersonated?

➡️ Me.

What is the nature of the impersonation?

➡️ Scam.

Clear enough, right? Open and shut. Real person. Real name. Real account. Fake account copying it.

Fifteen minutes later — maybe less — I got the response.

No violation of community standards.

Nothing they could do.

That was it.

No appeal.

No escalation.

No way to talk to a human.

No request for verification.

No “we’re investigating.”

Just a cheery little follow-up with links suggesting I contact a suicide crisis hotline, reach out to a friend to talk about my feelings, or read more about Meta’s community standards.

I wish I were making that up.

That response tells you everything you need to know about Meta’s priorities — and none of it is good.

Let me be very clear: If Meta’s systems can’t identify an obvious impersonation of a real, verifiable person, then Meta is not serious about security. Period. Full stop.

And before anyone says, “Well, the AI probably didn’t have enough signal,” spare me. This wasn’t some edge case. This wasn’t satire. This wasn’t a gray area. This was a brand-new account using my name to target my network. If that doesn’t trip alarms, the alarms are broken — or worse, intentionally ignored.

What really gets me is this: Meta wants all of us to trust their platforms with our identities, our networks, our reputations, and our livelihoods — but when something goes wrong, they shrug and point to a policy page.

That’s not security. That’s negligence wrapped in automation.

I consider myself cyber-savvy. I’ve covered security, DevOps, and infrastructure for decades. I know how attackers operate. I know the playbooks. And if this can happen to me — someone paying attention, someone who knows what to look for — it can happen to anyone.

Your parents.

Your kids.

Your colleagues.

Your customers.

And when it does, they’re going to get the same AI-generated brush-off I got.

Let’s talk about what Meta does care about.

They care about posting.

They care about engagement.

They care about ad impressions.

They care about growth metrics that they can brag about on earnings calls.

What they clearly don’t care about is impersonation until it becomes a PR problem. And by then, the damage is already done.

We hear horror stories all the time — people scammed out of money, reputations destroyed, accounts hijacked, trust eroded. We clutch our pearls and ask, “How does this keep happening?”

Here’s how: The platform owners treat impersonation as a content moderation inconvenience instead of a security threat.

Impersonation is a security issue.

It is fraud enablement.

It is social engineering infrastructure.

And Meta’s current process actively enables it.

I’ve now had several other people report the fake account as well. Let’s see if volume does what common sense wouldn’t. But that’s not a system — that’s a lottery.

If anyone reading this works in Instagram or Facebook security, I could use your help. Seriously. Because right now, the official path is a dead end.

And Meta? Maybe take one of those massive AI data centers you love to hype and dedicate it to protecting real people from real harm. Because experience has shown me this: if you’re not serious about protecting my identity, you’re not serious about protecting anyone’s.

Not mine.

Not yours.

Not security. Period.

Shame on you, Meta.