By definition, social media is all about sharing information, including photos, articles and innermost thoughts. But sharing your personal identity and private information on social media may not be the best idea. Social media-based identity theft is on the rise, and what we share and how we handle our social accounts can determine whether or not we become victims.
We’ll highlight best practices for protecting your privacy on social media, explore the risks of identity theft, and highlight scams to watch out for.
How to protect your privacy on social media
According to the 2022 Identity Fraud Report by Javelin Strategy & Research, approximately 42 million U.S. consumers have been victims of traditional identity fraud or identity fraud scams, resulting in almost $52 billion in combined losses. Social media is rife with information scammers can grab and use against you in various fraud schemes, including identity theft, ransomware attacks and data breaches.
Consider the following seven best practices for protecting your privacy on social media.
1. Keep your personal information private on social media.
Social media users routinely share their birthdays via their profiles, posts, and “about” information. It’s also not uncommon to discuss the high schools and colleges you attended, the city you live in, and your pets and their names. Some users may even include their phone numbers and other personally identifiable information.
This personal data is a bonanza for identity thieves. To be safe, omit this information from your profiles and posts. Platforms include many options to fill out in profile pages, but you can leave this information out.
Instead, offer a generalized version of your personal stats, or leave these options blank. For example, the San Francisco Bay Area is a general option for Burlingame, California. Providing generalized options still gives some information but makes it more challenging for scammers to figure out your ZIP code or home address.
2. Set strict privacy settings on your social media accounts.
Go into the settings for your Facebook, Twitter, Pinterest, Instagram and LinkedIn accounts to edit your privacy settings. Ensure all your personal information — such as your birthday, current location and workplace — is private or visible only to your friends.
When your privacy settings are more lenient, you give strangers easy access to all your information. They won’t even have to hack into your account to discover everything they need.
Your
LinkedIn profile is particularly vulnerable because it shares your career history. Ensure you only connect with someone on LinkedIn if you trust them with your personal contact information.
3. Don’t tag or post your specific location on social media.
Many social media platform apps include location-based services to allow location tagging. The location tag is a fun feature, but not everyone needs to know where you are at all times. It makes you and your home or business location vulnerable, especially if your profile is public.
It’s cool to let your social media friends know that you’re at Disneyland with your sister, but you’re also letting everyone know that you’re more than 100 miles away from your home, which means it’s vulnerable to break-ins.
4. Know your friends and connections on social media.
Never make yourself or your information vulnerable to people you’ve never met in real life. Steven J.J. Weisman, a lawyer at Margolis Bloom & D’Agostino and senior lecturer at Bentley University specializing in cybersecurity and identity theft, said befriending people you don’t know makes it easier for them to use the information on your social media accounts to learn more about you.
“These ‘friends’ who don’t know you gain access from your Facebook page to personalized information that often can be used to make you a victim of identity theft,” Weisman warned. You may unwittingly provide information to help them learn or guess your email address or answer security questions.
Don’t add someone as a friend just because they send you a request. Use the “decline” button on suspicious friend requests. You can also unfriend someone on social media, unfollow them, or disconnect their account if you realize they’re a stranger or a fake account created only to access your information.
5. Always log out of your social media accounts.
Logging out of your social media accounts is especially crucial when you use a public computer, such as at a library or hotel. We all have some private information on our social media accounts, even if it’s only our name and a photo, and you don’t want to give someone easy access to your identity.
Leaving your account open allows anyone sitting at that computer to see all your recovery email addresses, phone numbers, credit card information, private messages, and friends and family.
6. Use strong passwords on your social media accounts.
Passwords are critical keys to your identity if discovered, so they must be effective and difficult to guess. To create strong passwords, combine letters, numbers and special characters in randomized, nonsequential order. Avoid using full words and anything related to your birthday or current and previous addresses — these are the first keywords hackers will guess when attempting to log in to your accounts.
Use password managers to store unique passwords for every account, eliminating the need to remember or write down complex passwords.
7. Use security software on devices you use to access social media.
Internet security software protects your identity while surfing the web or using social media. For example, if you download a message from a “friend,” that message could contain a keystroke malware program that steals your personal information from your computer. Antivirus software can detect and remove such rogue software.
Most internet security software suites have identity theft protection features like anti-keyloggers, secure environments and password protection that features computer encryption.
What are the risks of identity theft?
Identity theft and fraud are multi-billion-dollar scams that impact large segments of the U.S. population. Identity theft can affect individuals and businesses in the following ways:
- Identity theft can impact finances. The most noticeable impact of identity theft scams is financial. Depending on the scam’s severity, attackers could empty bank accounts, take over investment or retirement accounts, and even potentially take control of a victim’s mortgage. ID theft cases can necessitate legal services that further compound the financial impact.
- Identity theft can damage your career. Actions by scammers who misuse your identity could appear on background checks and potentially affect employment opportunities.
- Identity theft can harm your reputation. Scammers could hurt your online reputation if they seize control of social media accounts. This is particularly damaging if you use social media for business. In worst-case scenarios, scammers could take control of a social media account and pose as the account holder while using the account to distribute malware, send phishing emails, or launch additional attacks on other targets.
- Identity theft can lead to account bans. If identity thieves misuse your social media, platforms could ban your accounts. You could lose years of work spent building up a social media following.
Remote workers have added scam concerns.
Remote cybersecurity tips include using only work email accounts, enabling multifactor authentication and guarding against phishing emails.
Identity fraud scams to watch out for
Social media identity fraud can be challenging to recognize. The most dangerous scams constantly change to reflect current events and take advantage of consumer patterns. For example, COVID-19 scams proliferated amid the pandemic, and fake Ukrainian relief scams cropped up amid Russia’s invasion of Ukraine. Always research a person or organization before offering any personal or financial information.
Additionally, stay aware of the following common identity fraud schemes:
- Impersonation identity theft schemes. A hacker can message friends of the compromised account and ask for favors. Some messages may be innocuous, asking your friends about your weekend plans or work hours to learn when your home will be vacant. Others are more overt. These messages may claim that your friend is in some form of trouble and urgently needs money. Never send money without verifying that the request is genuine.
- Identity theft quizzes. Identity theft quizzes pose as fun games to post publicly and share with friends. Many quizzes ask questions about your childhood home’s street, your first pet’s name or your favorite restaurants — all potential elements of passwords and security questions. Posting your filled-out questionnaires on social media offers potential hackers an easy opportunity to learn your passwords.
- Identity theft fake business opportunities. When looking into business opportunities, remember one golden rule: If you have to pay for anything, you’re a customer, not an employee. These scams often come in the form of pyramid schemes. The messaging party, almost always unsolicited, promises to send you a starter pack that you can sell. But first, of course, you must provide your credit card information. Do not, under any circumstances, provide credit card information unless you’re making a purchase through a secure company page.
Identity theft is a growing business
Identity theft and related scams are a growing business for criminals. Unfortunately, social media and the increased availability of personal information have made these scams more common and easier to carry out. Removing yourself from all social media is drastic and challenging. Fortunately, there are ways to use these platforms while guarding against identity theft risks.
Implement social media privacy best practices and maintain a healthy level of skepticism to decrease your chances of being an identity theft victim.
Jeremy Bender and Jordan Beier contributed to the writing and reporting in this article. Some source interviews were conducted for a previous version of this article.