Anti-Social Behavior

Max Chi

A QUARTER OF ALL reported losses from fraud in 2021 originated on social media, according to the Federal Trade Commission, and those losses cost about $770 million.

Yes, social media is a popular way to keep in touch with family and friends, receive news and get information. According to Pew Research, 73% of people ages 50 to 64 used social media in 2021, as did 45% of those ages 65 and over. But using social media requires vigilance. Many of us share personal details of our lives there, which fraudsters can then take advantage of.

Fraudsters can also use social media to send us spam and malicious software or access our other linked accounts, such as email, to impersonate us in attempts to scam relatives and friends. Want to reduce your chances of getting scammed? Here are 10 ways to fight the fraudsters lurking on social media.

1. Use strong passwords and multi-factor authentication. The first line of defense protecting any account is a strong password. Attackers use clues from your social media posts to guess at your password, so when creating passwords avoid using nicknames, pets’ names or birth dates.

Also avoid using the same password for different accounts. Consider using a password manager to keep from having to remember so many passwords.

Although it can sometimes be inconvenient, multi-factor authentication adds an extra layer of security to social media and other accounts. Multi-factor authentication means you need something besides your password to access your account. For example, you can set up Facebook to send a login code or confirmation text to your phone when you or someone else tries to access your account from an unrecognized browser or device.

2. Minimize linked accounts. Linking your accounts can be handy, but if attackers break into one account, they can potentially access other accounts linked to it. Consider linking accounts only when the need arises and then deleting the link afterward.

3. Keep personal information to a minimum. Limit the information you store in your profile. If attackers access your account, you don’t want them getting your date of birth, home address, phone number, email address or other personal details from your profile.

4. Choose your privacy settings carefully. Each platform has different policies regarding what information is shared with whom. Most platforms allow you to control who can see your public profile, your posts, your location and when you were last active on the platform. Review each website or app’s privacy policy or search using terms such as “Facebook privacy settings” to find out what you have control over.

When you create a new account, the privacy settings are set to defaults chosen by the firm. You may not want this. Review and fine-tune your settings before making your first post. Otherwise, you may send vacation shots intended only for friends but inadvertently broadcast them to the world. Remember that what you post can be saved and shared by others without your consent.

In 2009, the incoming head of the British intelligence service MI6 had his family’s information exposed by his wife’s Facebook posts. This included where they lived and worked, details about their children, names of their friends and where they went on vacation. She had set virtually no privacy protections, so her posts were visible to 200 million users around the globe who chose to use the site’s open-access London network.

It’s sobering to think that we often have no control over what the platform itself does with our data. In 2015, Facebook shared the private data of up to 87 million users with British consulting firm Cambridge Analytica without users’ knowledge or consent. Facebook parent, Meta, agreed to pay $725 million last December to settle a class action lawsuit for invasion of privacy over the incident, but didn’t admit to any wrongdoing.

5. Don’t click on links from strangers. Phishing—sending misleading messages in the hopes of gaining confidential information or spreading malicious software—is at least as big a threat on social media as it is in email. An attacker can deliver a message with a link to a malicious web page, one that closely resembles a social media platform’s login page, to steal users’ login credentials. Or the attacker can distribute a false but enticing news story that infects the user’s device with malware when a user clicks on it.

Attackers can also create fake profiles that mimic famous brands. The attacker uses these profiles to trick users into entering personal information in exchange for a coupon or prize.

One of the newest phishing attacks is consent phishing, in which the attacker tricks a user into allowing a malicious app to have access to the user’s account. Consent phishing is effective because the app is registered to a familiar provider, such as Microsoft, and the request for access bears the provider’s name and logo. Consent phishing can bypass any multi-factor authentication you may have set up on the account.

6. Watch what you post. Although many people like to post details of their lives on social media, these details can be valuable to criminals and scammers. Photos of our home can show burglars how to get in. Posts about upcoming trips can tip off burglars to our location and when we’ll be away. Information about class reunions and schools attended can enable scammers to impersonate our former classmates or school officials.

7. Don’t send a stranger money. Romance scams are widespread on social media, especially around Valentine’s Day. Scammers create fake profiles to lure people into online relationships, and then ask for money. Many older adults are isolated, lonely and trusting, making them prime targets for romance scams. In one heartbreaking case, a 70-year-old widow in Prescott Valley, Arizona, lost nearly $800,000 and was left destitute by a social media scammer, who was later arrested.

With investment scams, the thief convinces victims to invest in cryptocurrency platforms that the scammer controls. The scammer eventually takes all the money and disappears.

With shopping scams, scammers create fake online stores advertising popular products at bargain prices, and then advertise these stores on social media. When unsuspecting users order products from the stores, their financial information is stolen and the products never arrive. Investment and shopping scams are the social media scams with the most dollars lost and the most reported incidents, respectively.

8. Be careful accepting friend or connection requests. Accepting friend requests from strangers or even fake accounts increases the risk of a scam or data breach. Your new “friend” could try to scam you using information gathered from your profile and posts.

Any security vulnerabilities our social media friends have could also affect us. In the Cambridge Analytica incident mentioned earlier, a university researcher created a Facebook personality quiz that secretly gathered profile information not only from the 270,000 users who took the quiz, but also from all of the quiz-takers’ 87 million Facebook friends.

9. Close accounts you aren’t using. Maybe you created an Instagram account once because your friend or grandchild suggested it, and you never used it. Now it’s been a year or more, and you have no idea what’s been happening with the account.

Instagram and other platforms claim to remove unused accounts after varying intervals of inactivity, but it’s best to delete accounts you don’t need. You can create another account if you need to use the platform again.

10. Beware of scams. Perhaps the best defense is to remember that there are risks to using social media. Social media is about forging connections and forming groups, so it’s natural to be more trusting of people similar to us.

People are more than twice as likely to engage with scammers on social media than by email or phone, and four times more likely to lose money, according to research by the Stanford Center for Longevity. We can protect ourselves by not engaging with strangers on social media and exercising due diligence before clicking or sharing.

Max Chi retired in 2022 after a career as an IT specialist. He also has a background in physical science and digital marketing, and a strong interest in personal finance. Max enjoys traveling, sightseeing and freelancing. He and his wife live in Texas. Max’s previous article was Be Careful Out There.

14 Comments
Suzie
1 year ago

Very useful information. I personally know of three instances of scamming attempts in the last two months. Unfortunately, one person (not me) did get scammed. A friend was interacting with someone pretending to be a well-known actor, who attempted to scam them, asking for personal information (i.e. did she own her house, where did she bank, etc.) Initially, she was so excited, telling me over several weeks about this person messaging her thru social media. I suspected it was a scammer, she finally figured it out on her own. Hubby’s cousin had someone she thought was a friend from church email her asking her to send their niece money thru Amazon. Unfortunately she sent them $200. She figured out she had been duped when they emailed her the next day asking for $500. I received a friend request on Facebook from a former co-worker. It looked legit so I accepted. A day later they DM’d me on FB just to say “hi.” I ignored it initially and they DM’d again. I finally responded and they kept it up. The messages were persistent and I was immediately suspicious. Then I got a message at 3AM telling me there was a program that would send me money. They claimed that they received $100k from the government sent to them via FedEx and they would help me apply. I immediately unfriended them and blocked them. You really do have to be vigilant and skeptical.

neyugn
1 year ago

I do an informal statistic on the number of passwords one possesses; that number is higher than 30 (email account, bank account, brokerage account, …). Use a reliable password safe to store all your passwords.

Who among us can generate and memorize a 12-character password in one’s head? Another reason to use a password safe.

Here’s the link on the assessment of how weak one’s password is based on the number of characters. Again, use a reliable password safe to generate and safekeep your passwords.

Leave password memorization to the tool and let your brain work on something else.

Last edited 1 year ago by neyugn
mytimetotravel
1 year ago

All good advice, but even simpler is to reduce your social media presence. I have lived happily for years without ever having a Facebook account and with a dormant Twitter account. I am using my real name on this site when I write articles, but almost everywhere else I use a screen name. I see very few scams and phishing attacks, and I don’t understand the compulsion to take selfies and share your life with all and sundry. But I’m a Brit and an introvert.

Last edited 1 year ago by mytimetotravel
DrLefty
1 year ago
Reply to  mytimetotravel

Everyone’s different. I use Facebook and Twitter, but in ways that serve me. Facebook allows me to keep up more easily with friends and family, but the main reason I go to it these days is to keep up with groups I’ve joined, for example regarding travel, cooking, or fitness. I’ve learned a lot from those groups. As for Twitter, I almost never tweet my own stuff but scroll through my feed regularly to get up-to-date news on things like my favorite sports teams or even natural disasters, like wildfires or earthquakes. (I live in California, where both are concerns.)

I don’t do much self-disclosure on either platform—just not really my style—but I definitely both enjoy and benefit from them.

parkslope
1 year ago
Reply to  mytimetotravel

I do the same, which minimizes phishing. I do occasionally get phishing emails purporting to be my sister because her contacts have been hacked multiple times.

Olin
1 year ago

Regarding #5 Consent Phishing, how would one know if this is happening to them and how to get rid of it?

Great article, but it’s a scary social environment we are facing.

mytimetotravel
1 year ago
Reply to  Olin

Don’t click on links in texts and emails. I don’t even click on them in emails from some friends.

Olin
1 year ago
Reply to  mytimetotravel

There are times a friend will send an email that has a link attached, but nothing said about why it is being sent. I always have to inquire if they sent it and if it is safe to open. Thanks!

parkslope
1 year ago
Reply to  Olin

Look at the sender’s full email address that is after their name between <> marks. The last phishing email I received that said it was from my sister had an address that ended with .ru (Russia).

parkslope
1 year ago

Excellent advice. From what I’ve read, multifactor authentication is much more important than a strong password. This makes sense when you consider the number of possible passwords a high-speed computer can generate in a few nanoseconds.

Last edited 1 year ago by parkslope
Nate Allen
1 year ago
Reply to  parkslope

Very true. I go out of my way to set up two-factor authentication on every site that will allow it and bug the contacts at places that don’t. My wife once made the mistake of complaining about the hassle of two-factor authentication when I was within earshot. I went on to describe the importance and necessity for it and why it was important to put up with a mild inconvenience for the sake of security. She likely thought I was being a bit overly dramatic, which I am want to do sometimes.

Will
1 year ago
Reply to  Nate Allen

sp: “which I am WONT to do”

Nate Allen
1 year ago
Reply to  Will

Thanks Will.
Darn autocorrect…

Autocorrect is wont to do that to me.

R Quinn
1 year ago

Excellent helpful tips. I am amazed at the efforts scammers put into trying to trick us. Some fraudulent e-mail looks so real from our bank it’s easy to see how people are tricked. Managing passwords is such a pain in the neck.
