Learn how to recognize the most common scams and protect your personal data on Facebook and Instagram.
I’ve been scaling back my social media presence for a few years, and it’s brought me the peace of mind that comes with keeping nosy acquaintances and curious strangers out of my business. In addition to the mental and social health benefits of not reading everyone’s thoughts in a public forum, I also get fewer spam emails, texts, and robocalls these days. When I stopped sharing details about my life with strangers and locked down my privacy settings on social media apps, I blocked access for potential scammers. And I encourage you to do the same.
Scammers Have a Social Media Addiction, Too
If you’ve been the victim of a scam that started with a social media interaction, you’re not alone. According to the US Federal Trade Commission, in 2021, more than 95,000 people reported a social media scam. The FTC reports that over a quarter of the people who reported financial losses from a scam said the transaction started with an ad, a message, or a post on a social media platform.
Facebook and Instagram are not where cool kids hang out these days, but globally, Facebook still has the largest user base, with 2.9 billion monthly active users. Instagram has 1.4 billion. That’s a very large and diverse pool of victims for a potential scammer. In an email, cybersecurity expert Liz Wegerer from VPNOverview.com provided a list of the most common Facebook and Instagram scams. I’ve added a short description of the warning signs for each scam and what you can do to protect yourself from them.
- Phishing scams: Be wary of phishing links in DMs, emails, posts, or text messages. The links may infect your computer or device with malware, or the link could direct you to a spoofed website that captures your login credentials. Do not click on links sent by strangers. Hover over links you receive from people you know, and examine the URL. Do not click on the link if it directs you to an unfamiliar or misspelled web address.
- Romance scams: Valentine’s Day is coming soon, so you may receive flirty direct messages and friend requests from intriguing strangers on dating apps and your social media accounts. Scammers don’t need malware and phishing links to part you from your money when good old-fashioned social engineering will do. Avoid sharing personal information with a stranger who strikes up a conversation with you online. Do not send them money for any reason.
- Job offer scams: Did you spot a job posting on your Facebook feed that sounds too good to be true? Do not engage with the post on the social media platform. Go directly to the company website for the job and apply for the opportunity. Job offer scams typically instruct potential victims to fill out web forms with their personal information. The scammer then uses that information for impersonation or identity theft.
- Quizzes and games scams: As with your social media posts, your personality quiz responses are the types of information you may use to create passwords or answer security questions. To keep scammers from getting any of that information, I suggest not taking part in the quizzes or lying when you answer questions.
- Charity scams: Beware of fake charity pleas, especially those centered on major events such as the war in Ukraine, COVID-19, and other disasters. Anyone can create a page on GoFundMe or a similar charity website, so do thorough research before contributing to a cause.
- Fake investment scams: Scammers may promise a massive return for a small investment and disappear when it’s time to pay up. Do not ever give strangers money online.
- Bogus brand collaboration requests: Every budding influencer receives a torrent of spam messages on Instagram offering payment for product promotion. Some offers may be legit, but many messages may contain phishing links. If you are interested in working with a brand, ask the brand manager to contact you via video chat to ensure you speak to a legitimate company. Get your financial agreement in writing, and hire a lawyer to look it over before signing it.
- Selling followers and likes: A scammer may ask you to pay a nominal fee in exchange for like or follow packages and then steal your financial data when you send payment details. Build your audience organically and keep your payment information out of scammers’ hands.
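The "examine the URL" check from the phishing item above, written out as an added example that is not part of the original article. The `TRUSTED` list, the function names, and the sample URLs are assumptions constructed for illustration, and the last-two-labels domain split is a simplification.

```python
from urllib.parse import urlsplit

# Assumption: the only domains this reader expects to sign in on.
TRUSTED = ("facebook.com", "instagram.com")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return a verdict for the host a link really points to."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "suspicious: no hostname"
    # Exact match or a genuine subdomain of a trusted domain.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join(host.split(".")[-2:])
    for t in TRUSTED:
        if edit_distance(base, t) <= 2:
            return "suspicious: misspelling of " + t
        if t.split(".")[0] in host:
            return "suspicious: brand name on another domain"
    return "unfamiliar"

if __name__ == "__main__":
    # Constructed sample links, not taken from any real message.
    for link in (
        "https://www.facebook.com/login",
        "https://faceb00k.com/login",
        "https://instagrarn.com/accounts",
        "http://instagram.com.account-check.example/verify",
        "https://example.org/news",
    ):
        print(f"{classify(link):45} {link}")
```

Anything other than "trusted" is a reason to stop and type the site address yourself instead of following the link.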
How to Limit Social Media Data Leaks
Your social media posts are a treasure trove of valuable information. Your public contact list alone can help a criminal. The list of names connected to your public social media accounts is enough for a scammer to impersonate a family member or a friend with a spear phishing email. In the email, the scammer may convince you to reveal private information such as industry secrets, login credentials, credit/debit card numbers, or embarrassing personal information.
You don’t have to stop posting on your favorite social platform, but it is wise to stop posting personal information on your public feed. You don’t know who is reading your words or viewing your photos. Give strangers less access to your personal life by trying these seven steps for locking down your social media activity:
- Evaluate your privacy settings.
Your Instagram account is public by default so that anyone can see your posts. Set your account to “private” so only approved followers can see your posts, comment, and send direct messages. You can’t hide your profile pictures or cover photos on Facebook, but you can hide almost everything else from people not on your friends list by tweaking the elaborate privacy settings.
- Use a password manager and enable multi-factor authentication on your accounts.
One of the easiest ways to prevent unwanted logins on your accounts is to keep your login credentials in a password manager and enable multi-factor authentication for your accounts. Facebook and Instagram offer a few kinds of authentication, but I recommend using a mobile authenticator app such as Authy.
- Keep track of third-party apps.
You may have many third-party applications connected to your social media accounts. For example, on Instagram, you can see which apps and websites are connected to your social media accounts by visiting the Settings section of your account profile and navigating to a section labeled “Apps and Websites.” If you see one you do not recognize, it could be a malicious app spying on your online activity. Review the list of third-party applications connected to your account. Delete any that you do not use frequently or do not remember installing.
- Only buy from verified profiles and brand accounts.
Before purchasing anything via a social media platform, verify the seller’s account. Legitimate brands on Instagram and Facebook are verified by the platform and have a blue circle checkmark next to their name.
- Perform quarterly name searches.
Impersonation can happen to anyone. To avoid the damage of someone using your name, photos, or other personal information against you or your social network, make a habit of searching Facebook and Instagram for your name. It only takes a minute, and it is an easy way to identify and report impostor accounts.
- Decline friend requests from strangers.
Not everyone wants to be your friend. Don’t accept friend requests from anyone you don’t know. The more strangers in your friends list, the higher the risk you will be approached with a scam.
- Never click on suspicious links sent to you or respond to unsolicited messages.
Whether it is an email or a private message, avoid clicking on unsolicited videos or links, even if you recognize the sender’s name. If you think a friend sent you something, double-check with them via phone or text before clicking the link. Be especially wary of messages containing phrases such as, “OMG! Is this you?” or “Have you seen this yet?!”