Security Social Media

7 Ways Hackers Steal Your Identity on Social Media

Simon Batt 03-06-2019

Social media is a great way to connect to strangers, but it also makes it easy for people to harvest your personal information. Fortunately, there are ways you can take care of your online presence to stop scammers from stealing your identity.


Here are some ways scammers operate and how to combat their tricks.

1. Harvesting Information From Profiles

Someone accessing a profile page on social media
Image Credit: everythingposs/DepositPhotos

Sometimes, a hacker doesn’t need to work hard to steal someone’s identity. Sometimes, people give them all the information they need on a silver platter.

Some people are generous with the information they share on social media. Said information includes dates of birth, addresses, and phone numbers. If someone shares too much data, scammers can harvest this information and use it to impersonate someone.

How to Prevent Data Harvesting From Happening

As scary as this sounds, it’s also the easiest one to avoid. Take care of what you share online, even if you have your privacy settings set to friends only. Follow the golden rule; if you wouldn’t share it with a stranger, don’t share it on your social media accounts.


2. Stealing Information Through Malicious Apps and Services

Some social media sites allow you to install third-party apps; some websites offer specific services and request you log in via the social media site. Usually, these services are designed to “provide” a feature the social network doesn’t offer. The service may also play off of insecurities—such as a block detector.

If you’re unfortunate, you’ll use an app or service that doesn’t do its job—instead, it uses its permissions to harvest information about you and sends it back to the malware developer.

How to Prevent Theft Through Apps and Services

Be very careful about installing third-party apps or services. Be extra cautious about ones that offer to unlock a “hidden feature,” as these are likely to be baiting people into downloading them.

When you go to use a third-party service, be sure you read up on what permissions it wants. If a simple tool asks for every permission possible, exercise caution.


3. Installing Malware and Tricking Users With Phishing

Phishing attacks rely on fooling people into clicking a link. These work best when spread amongst a large pool of people. Unfortunately, social media is a densely-populated service enabling scammers to perform phishing attacks. By getting people to share the link around (such as via retweeting), it helps spread the phishing attack.

These attacks are much worse when posted by an account disguised to look official. For example, the BBC reported on how a fake Elon Musk account spread a phishing attack that stole people’s Bitcoins.

Phishing attacks are an effective tactic for identity theft. A malicious link can lead to malware, which is downloaded and activated to harvest data. Some phishing links may pose as a legitimate company or organization, then ask for sensitive information from the user.

How to Avoid Phishing Scams

If you see any suspicious-looking links, be sure not to click them. The temptation can be hard to beat, as phishing links usually have a twist on them that makes them irresistible to click. They might disguise themselves as a news website reporting a celebrity’s death, or claim to have some juicy gossip on one of your friends.


It’s also worth taking a phishing identification quiz This Google Quiz Will Help You Spot Phishing Emails How good are you at spotting phishing emails? To test your skills, Google has developed a Phishing Quiz using real-world examples. Read More , so you know what to identify. Once you learn how to identify a phishing attack, you’ll be well equipped to defend yourself.

4. Attacking Users Through Their Friends

Be very careful about who you trust online; even your friends. Scammers realize that people aren’t clicking on phishing links as much as they used to, especially from accounts they’ve never heard of before.

Some scammers take a sneakier approach and compromise accounts on social media. They then send the account’s friends a scam link, which the victim clicks on because it’s “from a friend.” This link installs malware on their computer, which harvests information from the victim and sends itself to all of their friends.

How to Spot a Compromised Friend

If you notice your friends acting very oddly, be sure not to click anything they send you. You may have a sweet and kind friend suddenly threaten you with revealing videos and posting a link. This sign is a surefire way to identify a compromised friend’s account, so be sure to contact them outside of the social media site to let them know.


Of course, you may receive a call informing you that a hacker accessed your account. If this happens, don’t worry; you can get it back. For example, you can contact Facebook to get a hacked account back Has Your Facebook Been Hacked? How to Tell (And Fix It) Here are steps you can take to prevent being hacked on Facebook, and things you can do in the event your Facebook was hacked. Read More .

5. Getting Location Data From Photograph Geotags

A photo pinned to a globe to represent geotagging
Image Credit: leshkasmok/DepositPhotos

If you’re out and about, it’s fun to tag your photographs with your location so people can see the museums, cafes, and concerts you visit.

If you become too snap-happy, however, you may end up giving away a little too much information with your location tracking. For instance, if you upload a photo taken at home with location tracking, it could give away where you live.

How to Take Photographs Safely

You can still use photograph locations, but be careful about what you tag and where. If you’re in a public place, there should be no harm in letting people know where you were. When you’re somewhere more private, be sure to double-check to ensure you’re not uploading photographs that reveal your address.

If you have photos with location data in them already, you can still upload them safely. For example, you can strip location data from photographs How to Strip Location Data From Photos in Windows 10 Photo files can carry more information than you think, such as the time the photo was taken or where you were when you took it. Remove it easily in Windows 10! Read More .

6. Harvesting Information Through “Deleted” Information

The biggest problem with information online is that it can sometimes be “undeletable.”

While you may have had a Facebook account once and long-since removed it, there are sites like the Wayback Machine that may “remember” your profile page as it looked back then. As such, hackers can use these pages to find out the information you once had online.

How to Tackle Undeletable Information

The best way to avoid “deleted” information biting back in the future is never to share it in the first place.

If you have been a little bit generous with the information you’ve shared in the past, double-check sites such as Wayback Machine to see if anything got stored. If it did, it’s worth contacting the website to ask them to remove your page from their system.

It’s also worth making sure you thoroughly erase all data on the sites that you leave, rather than merely deactivating the account. For example, there’s a big difference between deactivating and deleting Facebook accounts for privacy What Deactivating or Deleting Facebook Really Means for Privacy Thinking about quitting Facebook? Here's how deleting or deactivating Facebook can improve your online privacy. Read More .

7. Learning About You via Friend Requests

Close up of facebook page with friend request pending
Image Credit: agencyby/DepositPhotos

Sometimes a scammer doesn’t need to hide in the shadows; they can add you as a friend and glean information that way. They may ask you questions about yourself and feign interest, or they may friend you to try to get around your privacy settings and see more about you.

How to Avoid False Friends

For someone to be your friend on social media, you need to accept their request. As such, even if you’re a friendly person, exercise caution when receiving a friend request.

If your privacy settings reveal all of your data to your friends, be careful with who you allow access to your profile. Befriending a stranger could compromise your privacy.

Keeping Your Identity Safe on Social Media

Social media is a great place to get to know people, but it’s also a way for hackers to get to know you. By keeping vigilant with your data and learning about how hackers can access your data, you can avoid identity theft via social media.

If you’d prefer not to keep your data on social media, perhaps it’s time to delete your entire social media presence How to Erase Your Social Media Presence: Facebook, Twitter, Instagram and Snapchat You've decided to delete your social media accounts? Here's how to delete Facebook, Twitter, Instagram, and Snapchat. Read More .

Related topics: Identity Theft, Online Privacy, Phishing.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Andrew
    June 17, 2019 at 11:19 pm

    Funny. I've been messing with computers for about 25 years now, and I have never used anti virus on any of them. That's across Windows and Linux. And sure, I dabble in adult content. If you pay close attention to what you're doing, it is completely unnecessary to run anti virus. Also, supposed "free" anti virus will hound you to death about the benefits of upgrading, in addition to harvesting as much of your data as the eula allows. That's mostly why they give it away. Because they use your data to update their definitions. I work on people's computers, and all of them have paid anti virus programs that GASP, somehow the virus got around! Go figure! If you don't pay attention to what you're doing, I don't give a shit WHAT you install, the virus will get you!