You can avoid social media identity theft by setting strict privacy settings, securing your social media accounts with strong passwords, vetting every friend and follower request, keeping an eye out for phishing attempts and limiting what you share on social media. With almost every person having at least one social media account, cybercriminals are leveraging this by targeting these accounts to carry out various cyber attacks, including identity theft.
Continue reading to learn more about what social media identity theft is, how it happens and the dangers of oversharing on these platforms.
Social media identity theft is when cybercriminals use social media platforms such as Instagram and Facebook to steal your Personally Identifiable Information (PII). Some cybercriminals will even go as far as gaining access to your social media accounts so they can gather even more information about you.
When a cybercriminal has just enough information about you, they can use it to steal your identity. Identity theft can not only be costly to recover from, but it can also be time-consuming, as well as mentally and emotionally draining.
Social media identity theft can happen in different ways, but one of the most common ways is through Account Takeover (ATO) attacks. An ATO attack is when a cybercriminal takes over one of your online accounts and locks you out of it by changing your password. Since you no longer know the password to your account, you’re unable to log in to it until you reset your password or get in contact with customer service.
While a cybercriminal has access to your account, they can do anything on it such as make posts or scam your friends and followers. For some cybercriminals, taking over one of your accounts is just the beginning and they may even attempt to take over other critical accounts like your bank account.
Most people tend to overshare on social media making them targets for cybercriminals. For individuals who have larger followings, you’re an even bigger target because cybercriminals can attempt to scam your followers by pretending to be you. Because your followers are unaware of the account takeover attack, they may unwittingly share sensitive information.
Here are five steps to avoid becoming a victim of social media identity theft.
Set strict privacy settings
All of your social media accounts should have strict privacy settings set. Here’s how to make your Instagram, Facebook and X (formerly known as Twitter) accounts more private.
Instagram: Go to Settings and privacy > Click Who can see your content > Toggle Private Account > Click Switch to private to confirm.
Facebook: Go to Settings > Under Audience and visibility click Followers and public content > Customize these settings to be more private. We recommend not having any of these settings set to public.
X: Click your profile icon on the upper right-hand corner > Click Settings and privacy > Click Privacy and safety > Click Audience and tagging > Toggle the buttons where it says Protect your posts and Protect your videos.
The stricter your privacy settings are on your social media accounts, the more secure they’ll be from prying eyes.
To prevent account takeover attacks, each of the passwords to your online accounts should be strong and unique. This means they shouldn’t be reused or use common dictionary words and phrases. Each of your passwords should integrate the following password best practices:
- Be at least 16 characters long
- Include uppercase and lowercase letters
- Include numbers
- Include symbols (e.g. $, &, #)
When creating strong passwords, it’s best to have a password generator create them for you to ensure that they are always long and complex. If you find yourself having trouble remembering multiple passwords, it’s worth investing in a password manager to help you create, manage and securely store your strong passwords for you.
Vet every friend and follower request
Having a large number of followers isn’t always good, especially if most of those followers are strangers you don’t know. Rather than accepting every friend and follower request you receive, check to see if it’s worth giving them access to your social media accounts.
Some cybercriminals go as far as creating fake social media accounts just so they can follow you to see what you post, so you’ll want to be extra cautious about which friend requests you’re accepting.
Be on the lookout for phishing attempts
Phishing is a type of social engineering attack that aims to get victims to disclose sensitive information by pretending to be someone the victim knows or a company they have an account with. Phishing attempts leverage malicious links and attachments and when victims click on these links or attachments, malware is installed on their device or they’re led to a spoofed website. Spoofed websites are made to look legitimate so victims are inclined to enter their sensitive information such as their login credentials or credit card numbers.
Cybercriminals may use phishing attempts to commit social media identity theft, so it’s important to learn how to spot them. Here are a few phishing attempt indicators.
- Use of urgent language
- Offers that seem too good to be true
- Requests for personal information
- Urging you to click on unsolicited links or attachments
- Threats of serious consequences if you don’t follow their instructions
It can be tempting to share information about an upcoming trip or event on your social media, but you should limit what you share on these platforms, especially when it comes to your whereabouts. Cybercriminals and cyberstalkers look to your social media accounts for information like this so they can use it against you.
Oversharing on social media such as posting where you are while you’re at that location, and posting intimate details about your personal life, can jeopardize your online privacy. Cybercriminals look for personal details about your life so they can use them to carry out all types of social engineering attacks. Social engineering is a technique used by cybercriminals to psychologically manipulate victims into doing things or revealing sensitive information. The more a cybercriminal knows about you, the easier it is for them to manipulate you using social engineering tactics.
Oversharing too much information on your social media accounts not only places you at risk of account takeover attacks, but also places you at a greater risk of being a victim of identity theft.
Social media identity theft can place you at risk of losing access to your accounts and losing money. To keep yourself protected from social media identity theft, implement the steps mentioned above to make your accounts more secure and private.
To learn more about how you can keep your social media accounts secure, here are a few more of our tips. To see how a password manager like Keeper® can help you keep your accounts secure with strong passwords, start a free 30-day trial of Keeper Password Manager today.