A QUARTER OF ALL reported losses from fraud in 2021 originated on social media, according to the Federal Trade Commission, and those losses cost about $770 million.
Yes, social media is a popular way to keep in touch with family and friends, receive news and get information. According to Pew Research, 73% of people ages 50 to 64 used social media in 2021, as did 45% of those ages 65 and over. But using social media requires vigilance. Many of us share personal details of our lives there, which fraudsters can then take advantage of.
Fraudsters can also use social media to send us spam and malicious software or access our other linked accounts, such as email, to impersonate us in attempts to scam relatives and friends. Want to reduce your chances of getting scammed? Here are 10 ways to fight the fraudsters lurking on social media.
1. Use strong passwords and multi-factor authentication. The first line of defense protecting any account is a strong password. Attackers use clues from your social media posts to guess at your password, so when creating passwords avoid using nicknames, pets’ names or birth dates.
Also avoid using the same password for different accounts. Consider using a password manager to keep from having to remember so many passwords.
Although it can sometimes be inconvenient, multi-factor authentication adds an extra layer of security to social media and other accounts. Multi-factor authentication means you need something besides your password to access your account. For example, you can set up Facebook to send a login code or confirmation text to your phone when you or someone else tries to access your account from an unrecognized browser or device.
2. Minimize linked accounts. Linking your accounts can be handy, but if attackers break into one account, they can potentially access other accounts linked to it. Consider linking accounts only when the need arises and then deleting the link afterward.
3. Keep personal information to a minimum. Limit the information you store in your profile. If attackers access your account, you don’t want them getting your date of birth, home address, phone number, email address or other personal details from your profile.
When you create a new account, the privacy settings are set to defaults chosen by the firm. You may not want this. Review and fine-tune your settings before making your first post. Otherwise, you may send vacation shots intended only for friends but inadvertently broadcast them to the world. Remember that what you post can be saved and shared by others without your consent.
In 2009, the incoming head of the British intelligence service MI6 had his family’s information exposed by his wife’s Facebook posts. This included where they lived and worked, details about their children, names of their friends and where they went on vacation. She had set virtually no privacy protections, so her posts were visible to 200 million users around the globe who chose to use the site’s open-access London network.
It’s sobering to think that we often have no control over what the platform itself does with our data. In 2015, Facebook shared the private data of up to 87 million users with British consulting firm Cambridge Analytica without users’ knowledge or consent. Facebook parent, Meta, agreed to pay $725 million last December to settle a class action lawsuit for invasion of privacy over the incident, but didn’t admit to any wrongdoing.
5. Don’t click on links from strangers. Phishing—sending misleading messages in the hopes of gaining confidential information or spreading malicious software—is at least as big a threat on social media as it is in email. An attacker can deliver a message with a link to a malicious web page, one that closely resembles a social media platform’s login page, to steal users’ login credentials. Or the attacker can distribute a false but enticing news story that infects the user’s device with malware when a user clicks on it.
Attackers can also create fake profiles that mimic famous brands. The attacker uses these profiles to trick users into entering personal information in exchange for a coupon or prize.
One of the newest phishing attacks is consent phishing, in which the attacker tricks a user into allowing a malicious app to have access to the user’s account. Consent phishing is effective because the app is registered to a familiar provider, such as Microsoft, and the request for access bears the provider’s name and logo. Consent phishing can bypass any multi-factor authentication you may have set up on the account.
6. Watch what you post. Although many people like to post details of their lives on social media, these details can be valuable to criminals and scammers. Photos of our home can show burglars how to get in. Posts about upcoming trips can tip off burglars to our location and when we’ll be away. Information about class reunions and schools attended can enable scammers to impersonate our former classmates or school officials.
7. Don’t send a stranger money. Romance scams are widespread on social media, especially around Valentine’s Day. Scammers create fake profiles to lure people into online relationships, and then ask for money. Many older adults are isolated, lonely and trusting, making them prime targets for romance scams. In one heartbreaking case, a 70-year-old widow in Prescott Valley, Arizona, lost nearly $800,000 and was left destitute by a social media scammer, who was later arrested.
With investment scams, the thief convinces victims to invest in cryptocurrency platforms that the scammer controls. The scammer eventually takes all the money and disappears.
With shopping scams, scammers create fake online stores advertising popular products at bargain prices, and then advertise these stores on social media. When unsuspecting users order products from the stores, their financial information is stolen and the products never arrive. Investment and shopping scams are the social media scams with the most dollars lost and the most reported incidents, respectively.
8. Be careful accepting friend or connection requests. Accepting friend requests from strangers or even fake accounts increase the risk of a scam or data breach. Your new “friend” could try to scam you using information gathered from your profile and posts.
Any security vulnerabilities our social media friends have could also affect us. In the Cambridge Analytica incident mentioned earlier, a university researcher created a Facebook personality quiz that secretly gathered profile information not only from the 270,000 users who took the quiz, but also from all of the quiz-takers’ 87 million Facebook friends.
9. Close accounts you aren’t using. Maybe you created an Instagram account once because your friend or grandchild suggested it, and you never used it. Now it’s been a year or more, and you have no idea what’s been happening with the account.
Instagram and other platforms claim to remove unused accounts after varying intervals of inactivity, but it’s best to delete accounts you don’t need. You can create another account if you need to use the platform again.
10. Beware of scams. Perhaps the best defense is to remember that there are risks to using social media. Social media is about forging connections and forming groups, so it’s natural to be more trusting of people similar to us.
People are more than twice as likely to engage with scammers on social media than by email or phone, and four times more likely to lose money, according to research by the Stanford Center for Longevity. We can protect ourselves by not engaging with strangers on social media and exercising due diligence before clicking or sharing.
Max Chi retired in 2022 after a career as an IT specialist. He also has a background in physical science and digital marketing, and a strong interest in personal finance. Max enjoys traveling, sightseeing and freelancing. He and his wife live in Texas. Max’s previous article was Be Careful Out There.