Are Your Social Media Accounts Safe From Scammers?
When Cori Roberson created her Instagram account as a teenager, she never thought it would grow to over 100,000 followers and land her lucrative brand deals and modeling contracts. But one afternoon, that was all taken from her when her account was hacked — stripping away Cori’s access to her own page and her main source of income.
Cori’s story is a harsh reminder of the importance of social media security. But it’s far from an isolated incident.
According to the latest data from the Federal Trade Commission (FTC) [*]:
In 2022, over 162,000 Americans were scammed via social media, with losses of more than $1.2 billion.
Social media scams are growing at an alarming rate. But the good news is that with a few updates to your social media security settings and practices, you can protect yourself and your accounts.
In this guide, we’ll explain how social media scams work, the warning signs of a social media scammer, and how you can keep your accounts safe.
What Are the Biggest Social Media Security Risks?
Social media profiles are among the most common targets for scammers, hackers, and identity thieves. Fraudsters know that if they can hack your accounts, they can use them to scam your followers or find sensitive information about you that they can use to steal your identity.
According to the Identity Theft Resource Center (ITRC), social media account takeovers have risen by over 1000% in the past year [*].
But social media scams aren’t just about gaining access to your account.
Here are some of the biggest social media security risks that you should be aware of:
- Account takeovers. Hackers can gain access to your social media accounts by using phishing attacks, social engineering, or buying your login credentials off the Dark Web after a data breach. Once they take over your account, they’ll post scams that target your followers or ask them for money directly. Account takeovers not only put your contact list at risk; they can also damage your career and reputation in the process.
- Social media phishing scams. Scam artists use popular phishing scams to steal sensitive data from you. Some may collect this data and use it to launch cyberattacks against you or people you know.
- Malicious links and phishing websites sent via direct messages (DMs). Hackers often send malicious messages via social media DMs. These messages may contain links to fake websites, or may even infect your device with malware or ransomware if you click on them.
- Data mining (leading to identity theft). When attackers have access to your social media account data, they can use the information they find to break into your other accounts. Once they gather enough data, they can open brand new accounts in your name – including bank and credit card accounts.
- Romance scams. Romance and online dating scams can also occur via social media. Scammers create fake profiles in an attempt to build relationships with their victims. They may promise dates and other favors in exchange for gifts, or urgently request money to resolve an emergency.
- Cyberbullying and online harassment. More than one-third of young people between the ages of 12 and 17 report being bullied online, with many of them being harassed over social media [*]. In extreme cases, cyberbullying can lead to what’s known as “doxxing” — when bullies share information about their victims online, such as addresses and phone numbers. Depending on the type of private data published, victims of doxxing may be at greater risk of having their identities stolen.
10 Ways To Secure Your Social Media Accounts
- Safeguard your accounts with strong and unique passwords
- Enable two-factor authentication (2FA) on your accounts
- Tighten your social media privacy settings
- Only accept connections and friend requests from people you know
- Learn to recognize the warning signs of a phishing scam
- Check the Dark Web for leaked personal data
- Enable “login notifications” on your accounts
- Use ad-blocking software to avoid fake ads and scams
- Don’t log in to social media on public Wi-Fi
- Consider signing up for a digital security solution
Not every social media user will find themselves victimized by hackers and bullies. Practicing safe social media use can reliably keep your accounts secure. Here are some of the ways you can prevent people from breaking into your accounts, accessing your private data, and tricking you with scams.
1. Safeguard your accounts with strong and unique passwords
Passwords are the first — and sometimes only — line of defense against social media security risks. At a bare minimum, you should use a unique and difficult-to-guess password for each of your accounts.
Here are a few ways to create and remember strong passwords:
- Make them long. Longer passwords are more secure because they’re harder to crack using software tools. Aim for passwords that are at least 10 characters long.
- Don’t use the same passwords or variations. If you reuse passwords and they’re leaked in a data breach, it can give hackers access to more of your accounts. Always use unique passwords for every account.
- Use a passphrase. Combine words or create a shortened passphrase that only you will know. For example, if you love the phrase “all the world’s a stage,” you could use the passphrase “AlThWoaStage.”
- Add numbers and special characters. Adding non-letters to your passwords makes them even harder to guess or crack. For example, you could use “&lThWoa$tag3.”
- Store them in a secure password manager. It’s almost impossible to remember unique passwords for every single account. For this reason, every Identity Guard account comes with a powerful password manager that stores and gives you access to your account logins when you need them. Learn more about how Identity Guard keeps you safe online.
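The password rules above can be checked mechanically. The following is an added example, not part of the original article or any Identity Guard tool: it audits a constructed set of logins for short passwords, exact reuse, and "variations" (look-alike character swaps or a changed numeric suffix). The vault contents, the substitution table, and the function names are assumptions made for illustration.

```python
import re
from itertools import combinations

MIN_LENGTH = 10  # minimum length recommended in the list above

# Assumed look-alike substitutions, mapped back to plain letters.
LEET = str.maketrans("&@4$530!17", "aaasseoilt")

def variation_keys(password):
    """Canonical forms of a password; two passwords sharing one are variations."""
    lowered = password.lower()
    # Key 1: undo character swaps, then keep letters only.
    leet_key = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    # Key 2: drop a trailing run of digits/symbols (e.g. a year or "!").
    suffix_key = re.sub(r"[^a-z]+$", "", lowered)
    keys = {leet_key, suffix_key}
    keys.discard("")  # all-digit passwords would otherwise all collide
    return keys

def audit(vault):
    """Return findings for a {account: password} mapping, in a stable order."""
    items = sorted(vault.items())
    findings = [("short", acct) for acct, pw in items if len(pw) < MIN_LENGTH]
    for (a, pa), (b, pb) in combinations(items, 2):
        if pa == pb:
            findings.append(("reused", a, b))
        elif variation_keys(pa) & variation_keys(pb):
            findings.append(("variation", a, b))
    return findings

# Constructed sample data; the first two values are the article's own examples.
VAULT = {
    "instagram": "AlThWoaStage",
    "facebook": "&lThWoa$tag3",
    "email": "Summer2023!",
    "bank": "Summer2024",
    "forum": "kitten7",
    "shop": "kitten7",
    "streaming": "plum-Quartz-harbor-92",
}

if __name__ == "__main__":
    for finding in audit(VAULT):
        print(*finding)
```

Note that the two sample passphrases from the list collide under this check: adding symbols to a passphrase makes it harder to guess, but it does not make it a different password for a second account.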
2. Enable two-factor authentication (2FA) on your accounts
Two-factor or multi-factor authentication (MFA) adds a second layer of security to your social media accounts. When you log in, you’ll need your account name, password, and an additional code — such as a one-time-use password sent to your phone or generated by an authenticator app.
Nearly all social media apps offer the option to enable two-factor authentication on your accounts as an additional security measure.
Here’s how to add 2FA to your social media accounts:
3. Tighten your social media privacy settings
Your social accounts and profiles can provide scammers with a lot of sensitive information about who you are, where you live, and ways that you could be vulnerable to their attacks. That’s why it’s a good idea to keep your accounts private and limit the amount of personal information that you share in your profile.
Many social media sites even offer quick ways to review and change your privacy settings and permissions, including Facebook, Twitter, LinkedIn, and Instagram.
If you don’t want to make your entire profile private, make sure to follow these best practices:
- Avoid sharing your live location or daily routines.
- Limit what you share in the “About” section of your social media profile.
- Never share private information, identification numbers, or images of official documents online.
4. Only accept connections and friend requests from people you know
Accepting connections (including “follows” and friend requests) from people you don’t know can open you up to multiple social media security threats. Instead, keep your followers list limited to just people you know — and regularly audit it for anyone whose account has gone dormant (and could be hacked).
If you manage a business or a public persona, create a separate account for it. Ideally, your personal account should be disconnected as much as possible from your brand or business.
5. Learn to recognize the warning signs of a phishing scam
Fraudsters use social media to target their victims with phishing attacks. If you receive an unsolicited or strange direct message (DM), make sure to avoid engaging with it and never click on strange links.
Here are some warning signs of a social media phishing scam:
- Grammar and spelling errors. Phishing attack messages may include strange language and formatting or sound like they’re written by a non-native English speaker.
- Brand-new accounts with no content and few friends. Fraudsters create these accounts simply to target victims. If an account looks new or fake, it’s probably a scam.
- Receiving unsolicited messages that contain links. Never click on links in unsolicited messages. If a contact sends you a link that seems suspicious, double-check that it’s legitimate by contacting the sender through another method (such as calling or texting them).
- Threatening or urgent language. Scammers often try to create a sense of urgency by threatening you or claiming that you’ve won a prize.
- Posts or ads that seem too good to be true. Fraudsters may also create fake social media ads that take you to dangerous websites. If an ad seems too good to be true, it probably is.
- People who insist on moving conversations onto other platforms. Fraudsters may request to communicate with you on another platform, such as WhatsApp or Telegram, in case their social media account is taken down.
6. Check the Dark Web for leaked personal data
If your private data has been leaked in a data breach, hackers may be able to find it for sale on the Dark Web. This is especially dangerous for people who reuse passwords across multiple web platforms — as hackers can use automated tools to test leaked passwords across hundreds of accounts.
For example, if you reuse your Facebook password on another site that gets hacked, scammers can take over your social media accounts. Even worse, scammers may put your account logins up for sale on Dark Web forums. In some cases, hacked social media account details can cost as little as $25 [*].
Use Identity Guard’s free Dark Web scanner to find out if any of your data is available on an illicit online marketplace.
If you find out your account details are for sale online, you should immediately change your passwords, secure your accounts, and invest in identity theft protection.
7. Enable “login notifications” on your accounts
Many social media platforms can warn you if other browsers or mobile devices are being used to log in to your account (other than the usual ones you use). These notifications can quickly warn you if a hacker has gained access to your account and is trying to lock you out.
For example, you can enable login notification functionality in Facebook under your “Security and login” settings.
It’s not just unusual login activity that you should watch out for. When Facebook released Login Notifications in 2020, it also included information about third-party application access — which can tell you if certain web applications (such as group and party apps) or tools have access to your account [*].
If you notice logins or other account activity from devices or applications that you don’t recognize, revoke their access and secure your account.
8. Use ad-blocking software to avoid fake ads and scams
Many malware scams rely on fake advertisements to trick people into downloading harmful content. Fake ad scams on social media are especially dangerous, as fraudsters can use detailed information about your hobbies and interests to target you.
Ad-blocking software can reduce the number of ads and scams you see — helping to protect you online.
9. Don’t log in to social media on public Wi-Fi
Public Wi-Fi is a major cybersecurity risk and opens you up to several vulnerabilities. For example, if you log in to your social media accounts while on public Wi-Fi, hackers can intercept your password or spy on you online.
If you can’t avoid connecting to public Wi-Fi, make sure to encrypt your connection by using a virtual private network (VPN). If you’re using your phone or mobile device, you can also connect by using mobile data instead of Wi-Fi.
10. Consider signing up for a digital security solution
Even with the best security measures in place, you may not be able to prevent scammers from targeting you via social media. Digital identity protection providers can help reduce the risk of social media scams by safeguarding your personal information, financial accounts, and devices.
For example, with Identity Guard you get:
- Award-winning identity theft protection. Identity Guard monitors your name, Social Security number (SSN), driver’s license number, and more — and alerts you when someone uses your personal data.
- Credit, bank account, and investment account monitoring. Identity Guard constantly monitors your most sensitive financial accounts and can alert you in near real-time of signs of fraud.
- 24/7 access to a team of U.S.-based Fraud Resolution Specialists. Whenever you have a question or concern, Identity Guard’s trained security professionals are available to help.
- Up to $1 million in identity theft insurance. If the worst should happen, Identity Guard covers you for up to $1 million in eligible losses due to identity theft, including stolen funds, lawyer fees, and child or senior care.
If you’re ready to secure your identity against scammers, sign up for Identity Guard today and save up to 33% on your membership.
How To Tell If You’re Talking To a Scammer on Social Media
- Unusual grammar or spelling. Most people don’t suddenly change the way they write. If one of your connections starts using poor spelling or awkward phrases, it may indicate that the account has been compromised by a non-native English-speaking scammer. If you know the person personally, you can compare their online and offline behavior more accurately.
- Messages from people you rarely talk to. The biggest and most common social media scam is impersonation. If someone you don’t talk to on a regular basis messages you, pay close attention to the reason they give.
- Messages that create a sense of urgency. Scammers create a sense of urgency to prevent you from looking too closely at their actions and motives. Some scammers use accidents and disasters to do this. Others try to manipulate your curiosity or concerns about your reputation – for example, linking a video and asking, “Is this really you?”
- Profiles with suspicious content. If you receive a friend request, be suspicious if the user profile is flooded with posts about random subjects or links to third-party websites — as these are major warning signs of a fake account.
- Messages about special programs or “free money.” If a deal seems too good to be true, it probably is. Be skeptical about messages that concern government payouts, cryptocurrency platforms, or other financial programs.
- Asking to move conversations to email or text. Imposters often rush their targets to move the conversation away from the social media platform they’re using. This is because fraudsters may only have a limited amount of time before getting kicked off the platform.
- Messages that include random links. Pay close attention to unsolicited links, especially if sent without context. Links can lead to spoofed websites that harvest your login data, leading to identity theft.
- Suspicious tech support queries. In most cases, tech support claims are handled exclusively by email — not on social media or via texts. Tech support scams often involve talking to users directly on social networks.
How To Report and Recover Hacked Social Media Accounts
If your account has been hacked, you may not notice until you’re locked out of your account and unable to recover your password. In this case, you’ll need to go through the platform’s specific process for verifying your identity and recovering your account.
Here’s how to recover a hacked account with most of the major social media platforms:
- Facebook. Facebook has a special application for users whose accounts have been hacked. Once you report that your account has been hacked, Facebook will investigate. It may ask your friends to confirm your identity.
- Instagram. Instagram also has a special web application for recovering hacked accounts. Once you start the process, Instagram will create a support ticket and investigate your account. You will have to verify your identity to regain access to your account.
- TikTok. If your TikTok account has been hacked, the platform recommends you reset your password and link your phone number to the service. If you can’t access your account, you will have to report the issue to TikTok’s support center.
- Twitter. Twitter asks hacked users to attempt resetting their passwords first. If that doesn’t work, you can contact support to verify your identity and launch an investigation.
- LinkedIn. LinkedIn asks users to report hacked accounts as soon as possible. LinkedIn tech support will verify the identity of the person currently using the account and try to find out how the account was compromised.
- Reddit. Reddit requires users with compromised accounts to submit a tech support request. Once you submit your report, Reddit will reach out by email to walk you through the next steps of the verification process.
- Pinterest. Pinterest may lock down your account if it detects suspicious activity. You can also lock down your account manually. If someone tries to make changes to your account, you’ll receive an email. Respond to the email to lock down your account and prevent those changes that you haven’t authorized.
- YouTube. Your YouTube account may be linked with your Google Account. You may have to recover your Google Account to gain access to YouTube. In both cases, you’ll start with Google’s account recovery tool.
- Snapchat. Snapchat processes account recovery through its tech support channel. Once you submit a request, Snapchat will reach out to you through email and verify your identity before giving you back your account.
Be warned that these processes can take time. It’s always a better idea to follow security best practices, rather than deal with the headache of regaining access after you’ve been hacked.
The Bottom Line: Stay Safe on Social Media
Everyone who uses social media needs to pay close attention to the risks of account compromise and fraud. The more people who successfully protect their accounts from scammers, the less rewarding scams will be for cybercriminals.
Digital protection solutions like Identity Guard offer the best ways to keep your personal data, social media accounts, and personal devices safe.
Identity Guard bundles award-winning identity theft monitoring protection with Safe Browsing tools and credit report monitoring in a single package, alongside a $1 million insurance policy that covers costs related to identity theft.