How to keep your social media safe from fraud

A woman stands holding her smartphone whilst framed against a wall bearing Facebook Inc.'s 'Thumbs Up' symbol in this arranged photograph in London on Dec. 23, 2015.
Chris Ratcliffe/Bloomberg

Between January 2021 and June 2023, $2.7 billion was lost to scammers through social media, according to the United States Federal Trade Commission (FTC). Social media is the most popular and successful method of fraud for scammers, with one in four people reporting that they lost money to fraud through social media in 2021. The FTC estimates that because most fraud cases are not reported, this figure reflects only a small percentage of the true damage.

This impacts businesses, too. Many companies consistently share posts on platforms like LinkedIn, Facebook and X, opening the opportunity for information theft and security concerns.

The following tips were gathered from the FTC, the National Cybersecurity Preparedness Consortium (NCPC) and 2023 research on security and fraud by AARP.

Think twice about what you share

It's not uncommon for social media users to share critical personal information on their profiles and posts. Sharing details like your birthday, current location, relationships, schools attended or even your pet's name can put you at risk and increase your chances of falling victim to identity fraud.

A safer option would be to share more generalized information about yourself. Avoid tagging and posting exact locations, which scammers can easily use to discover your home address and ZIP code. 

Review your social media, and remove any crucial information from your profile, posts and photos.

As AI-enabled fraud increases, consider how much of your image and voice you are comfortable sharing. Identity thieves can use tech like AI to replicate your voice and photos, use your identity in scams, hack into your profiles or other personal accounts and pretend to be you when contacting a bank or your friends and family members.

For businesses, refrain from posting sensitive information about your business operations, schedules or finances, and verify connections or collaboration requests before responding.

Know what to look out for

Pay attention to news of common scams and stay up to date with fraud schemes, which often change with current events to confuse users. For example, fraudulent Ukrainian relief scams are a very popular method on social media, according to the Department of Insurance, Securities and Banking (DISB). Be careful of identity theft schemes such as fraudulent quizzes that ask for personal information like your childhood home address, mother's maiden name or your first pet's name. Remember that scammers will imitate anyone, including a family member, friend, coworker or business account, to gain access to your personal information or accounts.

Recognize phishing attempts by assessing messages from unknown senders. Hover over links to check the legitimacy of the URL and report suspicious messages. Be wary of fake Wi-Fi connections; even real public Wi-Fi can put your private data at risk. When using public Wi-Fi, check that a website is encrypted by looking for "https" in the URL, which means there is some level of encryption. Consider using a virtual private network (VPN) to keep your data safe on your personal device.

Provide routine cybersecurity training

Business owners can strengthen security measures by providing routine cybersecurity training and limiting employee access to accounts. Instruct employees to vet third-party mentions and avoid engaging with unverified users or businesses. Beware of impersonation: watch out for fake accounts mimicking your business or your affiliates, and verify customer information before answering requests for sensitive information.

Investing in trusted social media security software or antivirus software can also help monitor account activity, flag suspicious behavior and alert you to potential security risks.

Strengthen account security by using strong passwords, enabling multifactor authentication and regularly updating passwords, especially after a data breach.

Have a crisis response plan

Be prepared for social media fraud before it happens. A crisis response plan for social media fraud or scams ensures businesses can act quickly and effectively to minimize damage and restore trust. Prepare by identifying potential security risks. Define roles and responsibilities for employees, such as communication management or tech management.

Plans should include specific, quick measures to secure any compromised accounts, limit employee access and halt public interactions. Continue, however, to communicate with your team, customers and affiliates to address the issue transparently.

When recovering accounts, focus on sharing updates on different channels, immediately strengthening security measures and analyzing the incident to prevent a future attack.