I've been scaling back my social media presence for a few years, and it's brought me the peace of mind that comes with keeping nosy acquaintances and curious strangers out of my business. In addition to the mental and social health benefits of not reading everyone's thoughts in a public forum, I also get fewer spam emails, texts, and robocalls these days. When I stopped sharing details about my life with strangers and locked down my privacy settings on social media apps, I also blocked access for potential scammers.
Scammers Have a Social Media Addiction, Too
If you've been the victim of a scam that started with online interaction, you're not alone. Recently, the Social Security Administration issued a warning stating that scammers are impersonating government workers to trick people into handing over their money and personal information.
According to the US Federal Trade Commission, in 2021, more than 95,000 people reported a social media scam. The FTC stated that over a quarter of the people who reported financial losses from a scam said the transaction started with an ad, message, or post on social media.
Facebook and Instagram are not where cool kids hang out these days, but globally, Facebook still has the largest user base, with 2.9 billion monthly active users; Instagram has 1.4 billion. That's a large and diverse pool of victims for a potential scammer.
In an email, cybersecurity expert Liz Wegerer from VPNOverview.com provided a list of the most common Facebook and Instagram scams. I’ve added a short description of the warning signs for each scam and what you can do to protect yourself from them.
Phishing scams: Avoid phishing links in DMs, emails, posts, or text messages. These links could infect your computer or device with malware or direct you to a spoofed website that captures your login credentials. Do not click on links sent by strangers. Hover over links you receive from people you know, and examine the URL. Do not click a link if it directs you to an unfamiliar or misspelled web address.
Romance scams: You may receive flirty direct messages and friend requests from intriguing strangers on dating apps and your social media accounts. Scammers don't need malware and phishing links to part you from your money when good old-fashioned social engineering will do. Avoid sharing personal information with a stranger who strikes up a conversation with you online. Do not send them money for any reason.
Job-offer scams: Did you spot a job posting on your Facebook feed that sounds too good to be true? Do not engage with the post on the social media platform. Instead, go directly to the company website to view the job listing and apply. Job-offer scams typically instruct potential victims to complete web forms with their personal information. The scammer then uses that information for impersonation or identity theft.
Quizzes and games scams: As with your social media posts, your personality quiz responses are often the types of information you use to create passwords or to answer security questions. To keep scammers from getting any of that information, I recommend not taking part in the quizzes—or lying when you answer questions.
Charity scams: Beware of fake charity pleas, especially those centered on major events such as the war in Ukraine, COVID-19, and other disasters. Anyone can create a page on GoFundMe or a similar charity website, so thoroughly research before contributing to a cause.
Fake investment scams: Scammers may promise a massive return for a small investment and disappear when it's time to pay up. Do not ever give strangers money online.
Bogus brand-collaboration requests: Every budding influencer receives a torrent of spam messages on Instagram offering payment for product promotion. Some offers may be legit, but many contain phishing links. If you want to work with a brand, ask the brand manager to contact you via video chat to ensure you speak to a legitimate company. Get your financial agreement in writing, and hire a lawyer to look it over before signing it.
Selling followers and likes: A scammer may ask you to pay a nominal fee in exchange for like or follow packages and then steal your financial data when you send details. Build your audience organically, and keep your payment information out of scammers' hands.
How to Limit Social Media Data Leaks
Your social media posts are a treasure trove of valuable information. Your public contact list alone can help a criminal: The list of names connected to your public social media accounts is enough for a scammer to impersonate a family member or a friend with a spear phishing email. In the email, the scammer tries to convince you to reveal private information such as industry secrets, login credentials, credit or debit card numbers, or embarrassing personal information.
Give strangers less access to your personal life by trying these seven steps for locking down your social media activity:
1. Evaluate Your Privacy Settings
Your Instagram account is public by default, so anyone can see your posts. Set your account to “private” so only approved followers can see your posts, comment, and send direct messages (Settings and privacy > Account privacy > Private account). You can't hide your profile pictures or cover photos on Facebook, but you can hide almost everything else from people who aren't on your contact list by tweaking the platform's elaborate privacy settings.
2. Use a Password Manager and Enable MFA
One of the easiest ways to prevent unwanted logins on your accounts is to keep your login credentials in a password manager and enable multi-factor authentication (MFA) for your accounts. Facebook and Instagram offer a few kinds of authentication, but I recommend using a mobile authenticator app such as Authy.
3. Keep Track of Third-Party Apps
You might have many third-party applications connected to your social media accounts. For example, on Instagram, you can see which apps and websites are connected by visiting the Settings section of your account profile and navigating to a section labeled “Apps and Websites.” If you see one you do not recognize, it could be a malicious app spying on your online activity. Review the list and delete any you don't use frequently or don't remember installing.
4. Buy Only From Verified Profiles and Brand Accounts
Before purchasing anything via a social media platform, verify the seller's account. Legitimate brands on Instagram and Facebook are verified by the platform and have a blue circle checkmark next to their names.
5. Perform Quarterly Name Searches
Impersonation can happen to anyone. To avoid the damage of someone using your name, photos, or other personal information against you or your social network, make a habit of searching Facebook and Instagram for your name. It takes just a minute, and it's an easy way to identify and report impostor accounts.
6. Decline Friend Requests From Strangers
Not everyone wants to be your friend. Don't accept friend requests from people you don’t know. The more strangers in your friends list, the higher the risk you will be approached with a scam.
7. Ignore Suspicious Links and Unsolicited Messages
Whether in an email or a private message, avoid clicking on unsolicited videos or links—even when you recognize the sender's name. If you think a friend sent you something, double-check with them via phone or text before clicking the link. Be especially wary of messages containing phrases such as, “OMG! Is this you?” or “Have you seen this yet?!”
You don't have to stop posting on your favorite social platform, but it is wise to limit the information posted to your public feed. You don't know who is reading your words or viewing your photos.