Social media is a great way to connect to strangers, but it also makes it easy for people to harvest your personal information. Fortunately, there are ways you can take care of your online presence to stop scammers from stealing your identity.
Here are some ways scammers operate and how to combat their tricks.
1. Harvesting Information From Profiles
Sometimes, a hacker doesn’t need to work hard to steal someone’s identity. Sometimes, people give them all the information they need on a silver platter.
Some people are generous with the information they share on social media. Said information includes dates of birth, addresses, and phone numbers. If someone shares too much data, scammers can harvest this information and use it to impersonate someone.
How to Prevent Data Harvesting From Happening
As scary as this sounds, it’s also the easiest one to avoid. Take care of what you share online, even if you have your privacy settings set to friends only. Follow the golden rule; if you wouldn’t share it with a stranger, don’t share it on your social media accounts.
2. Stealing Information Through Malicious Apps and Services
Some social media sites allow you to install third-party apps; some websites offer specific services and request you log in via the social media site. Usually, these services are designed to “provide” a feature the social network doesn’t offer. The service may also play off of insecurities—such as a block detector.
If you’re unfortunate, you’ll use an app or service that doesn’t do its job—instead, it uses its permissions to harvest information about you and sends it back to the malware developer.
How to Prevent Theft Through Apps and Services
Be very careful about installing third-party apps or services. Be extra cautious about ones that offer to unlock a “hidden feature,” as these are likely to be baiting people into downloading them.
When you go to use a third-party service, be sure you read up on what permissions it wants. If a simple tool asks for every permission possible, exercise caution.
3. Installing Malware and Tricking Users With Phishing
Phishing attacks rely on fooling people into clicking a link. These work best when spread amongst a large pool of people. Unfortunately, social media is a densely-populated service enabling scammers to perform phishing attacks. By getting people to share the link around (such as via retweeting), it helps spread the phishing attack.
These attacks are much worse when posted by an account disguised to look official. For example, the BBC reported on how a fake Elon Musk account spread a phishing attack that stole people’s Bitcoins.
Phishing attacks are an effective tactic for identity theft. A malicious link can lead to malware, which is downloaded and activated to harvest data. Some phishing links may pose as a legitimate company or organization, then ask for sensitive information from the user.
How to Avoid Phishing Scams
If you see any suspicious-looking links, be sure not to click them. The temptation can be hard to beat, as phishing links usually have a twist on them that makes them irresistible to click. They might disguise themselves as a news website reporting a celebrity’s death, or claim to have some juicy gossip on one of your friends.
It’s also worth taking a phishing identification quiz, so you know what to identify. Once you learn how to identify a phishing attack, you’ll be well equipped to defend yourself.
4. Attacking Users Through Their Friends
Be very careful about who you trust online; even your friends. Scammers realize that people aren’t clicking on phishing links as much as they used to, especially from accounts they’ve never heard of before.
Some scammers take a sneakier approach and compromise accounts on social media. They then send the account’s friends a scam link, which the victim clicks on because it’s “from a friend.” This link installs malware on their computer, which harvests information from the victim and sends itself to all of their friends.
How to Spot a Compromised Friend
If you notice your friends acting very oddly, be sure not to click anything they send you. You may have a sweet and kind friend suddenly threaten you with revealing videos and posting a link. This sign is a surefire way to identify a compromised friend’s account, so be sure to contact them outside of the social media site to let them know.
Of course, you may receive a call informing you that a hacker accessed your account. If this happens, don’t worry; you can get it back. For example, you can contact Facebook to get a hacked account back.
5. Getting Location Data From Photograph Geotags
If you’re out and about, it’s fun to tag your photographs with your location so people can see the museums, cafes, and concerts you visit.
If you become too snap-happy, however, you may end up giving away a little too much information with your location tracking. For instance, if you upload a photo taken at home with location tracking, it could give away where you live.
How to Take Photographs Safely
You can still use photograph locations, but be careful about what you tag and where. If you’re in a public place, there should be no harm in letting people know where you were. When you’re somewhere more private, be sure to double-check to ensure you’re not uploading photographs that reveal your address.
If you have photos with location data in them already, you can still upload them safely. For example, you can strip location data from photographs.
6. Harvesting Information Through “Deleted” Information
The biggest problem with information online is that it can sometimes be “undeletable.”
While you may have had a Facebook account once and long-since removed it, there are sites like the Wayback Machine that may “remember” your profile page as it looked back then. As such, hackers can use these pages to find out the information you once had online.
How to Tackle Undeletable Information
The best way to avoid “deleted” information biting back in the future is never to share it in the first place.
If you have been a little bit generous with the information you’ve shared in the past, double-check sites such as Wayback Machine to see if anything got stored. If it did, it’s worth contacting the website to ask them to remove your page from their system.
It’s also worth making sure you thoroughly erase all data on the sites that you leave, rather than merely deactivating the account. For example, there’s a big difference between deactivating and deleting Facebook accounts for privacy.
7. Learning About You via Friend Requests
Sometimes a scammer doesn’t need to hide in the shadows; they can add you as a friend and glean information that way. They may ask you questions about yourself and feign interest, or they may friend you to try to get around your privacy settings and see more about you.
How to Avoid False Friends
For someone to be your friend on social media, you need to accept their request. As such, even if you’re a friendly person, exercise caution when receiving a friend request.
If your privacy settings reveal all of your data to your friends, be careful with who you allow access to your profile. Befriending a stranger could compromise your privacy.
Keeping Your Identity Safe on Social Media
Social media is a great place to get to know people, but it’s also a way for hackers to get to know you. By keeping vigilant with your data and learning about how hackers can access your data, you can avoid identity theft via social media.
If you’d prefer not to keep your data on social media, perhaps it’s time to delete your entire social media presence.