4 common social media scams (and how to avoid them)
There are 4.9 billion social media users globally, with the number steadily rising. It can be a great way to connect with friends, family and colleagues. Facebook, Instagram, LinkedIn: these platforms and more are great ways to expand human connection. But they also present new cybersecurity challenges.
With that in mind, learning what threats are out there and how to protect yourself from them is essential.
Common social media threats
Impersonation
When you’re on social media, attackers might pretend to be someone you know: a friend, a relative or a colleague. They use these fake identities to trick you into accepting their friend request. Then, they have access to your profile, photos and posts.
But how could an attacker impersonate you? If your profile and friends list are public, hackers can duplicate it. They will then send new friend requests to everyone on the friends list. These connections will accept the request thinking it belongs to you, and then their profiles can be duplicated, and the process begins again.
Phishing
With phishing, hackers send phony messages to trick you into action, usually by clicking a link or attached file. Sometimes, they send messages, pretending to have photos of you or sharing a video. Other attackers buy ad space on popular websites and advertise their phony sites. These look like trendy online stores, but hackers will steal your data if you visit these sites and try to buy something. Others still use social engineering scams, creating an elaborate story to convince you to send money.
Strengthen security awareness with human risk management
Infosec HRM, powered by Right-Hand Cybersecurity, provides alert-based training nudges to minimize human risk at your organization. 
Romance scams
Romance scams are the most common social media attack, scamming 70,000 people out of $1.3 billion in a year. Hackers create a fake identity and begin an online relationship with you. Then they claim they're in trouble and ask you to send money. They might instead blackmail you using explicit photos or texts you sent them. And you are less likely to report them due to embarrassment, and they start with a new target.
Quizzes
It might seem fun to discover your superhero name, but it might actually be dangerous. Hackers design these quizzes to get you to reveal personal information they can use to hack you. Think you’re safe revealing that your favorite band is U2 or your favorite sports team is the Boston Red Sox? For over 33 million people, these answers would have revealed a password. For others, they shared an answer to one of their security questions.
Avoiding scams
-
Avoid social media altogether
-
Use the highest privacy setting available
-
Be careful about accepting friend requests
-
Never take social media quizzes
-
Change your passwords and report immediately if you think you’ve been the victim of a social media scam
If you stay safe and be careful, you can protect yourself and others from potential scams. Send this article to your connections, and stay safe out there!
Phishing simulations & training
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- 4 common social media scams (and how to avoid them)
- Tax scam season: How to protect your data from common scams in 2024
- Security awareness for kids: Tips for safe internet use
- Celebrate Data Privacy Week: Free privacy and security awareness resources
- Consumer data, who owns it and who protects it?
- Human error is responsible for 74% of data breaches
- What is a social engineering attack?
- Biggest cybersecurity mistakes by large organizations
- From theory to practice: Designing a successful security awareness training program
- Understanding cyberattacks: Types, risks and prevention strategies
- Securing digital frontiers: The importance of information and IT security awareness training
- Optimizing your corporate security awareness training: Strategies and techniques
- What is security awareness: Definition, history and types
- Top 10 security awareness training topics for your employees in 2023 and beyond
- AI best practices: How to securely use tools like ChatGPT
- Connecting a malicious thumb drive: An undetectable cyberattack
- 5 ways to prevent APT ransomware attacks
- 4 mistakes every higher ed IT leader should avoid when building a cybersecurity awareness program
- ISO 27001 security awareness training: How to achieve compliance
- Run your security awareness program like a marketer with these campaign kits
- Deepfake phishing: Can you trust that call from the CEO?
- Fake shopping stores: A real and dangerous threat
- 10 best security awareness training vendors in 2022
- How to hack two-factor authentication: Which type is most secure?
- Malicious push notifications: Is that a real or fake Windows Defender update?
- Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
- How IIE moved mountains to build a culture of cybersecurity
- At Johnson County Government, success starts with engaging employees
- How to transform compliance training into a catalyst for behavior change
- Specialty Steel Works turns cyber skills into life skills
- The other sextortion: Data breach extortion and how to spot it
- Texas HB 3834: Security awareness training requirements for state employees
- SOCs spend nearly a quarter of their time on email security
- Security awareness manager: Is it the career for you?
- Risks of preinstalled smartphone malware in a BYOD environment
- The ROI of security awareness training
- 5 reasons to implement a self-doxxing program at your organization
- What is a security champion? Definition, necessity and employee empowerment [Updated 2021]
- Excel 4.0 malicious macro exploits: What you need to know
- Worst passwords of the decade: A historical analysis
- ID for Facebook, Twitter and other sites? Not so fast, says security expert
- 3 surprising ways your password could be hacked
- Fake online shopping websites: 6 ways to identify a fraudulent shopping website
- All about carding (for noobs only) [updated 2021]
- Password security: Complexity vs. length [updated 2021]
- What senior citizens need to know about security awareness
- 55 federal and state regulations that require employee security awareness and training
- Brand impersonation attacks targeting SMB organizations
- How to avoid getting locked out of your own account with multi-factor authentication
- Breached passwords: The most frequently used and compromised passwords of the year
- Top 5 ways ransomware is delivered and deployed
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Security awareness
Tax scam season: How to protect your data from common scams in 2024
Security awareness
Security awareness
Celebrate Data Privacy Week: Free privacy and security awareness resources
Security awareness