Nearly 70 percent of American adults use some type of social media according to 2018 data from Pew Research Center. Half of those users are not confident that the data they are sharing is in safe hands.
That concern is well-founded according to Trevor Buxton, fraud communications manager and Certified Fraud Examiner at PNC Bank. While social media can be an effective means of news gathering, staying in touch with friends and building a professional network, the loads of data contained and shared on social media networks can present a prime opportunity to identity thieves.
“As we’ve seen recently in the news, social networks can share and sell the data you’re providing them,” Buxton says. “If you’re using something for free, you are the product.”
Reducing the risk of identity theft through social media is an exercise in thinking twice and generally using common sense, Buxton says. Consider five potential pitfalls to avoid when using social media networks:
Oversharing means more than just sharing inappropriate details about your personal life – it can simply mean providing too many details about your life, location and contact information that cybercriminals can use to commit fraud. Social media profiles offer the opportunity to share loads of potentially sensitive data, photos and personal updates that have no expiration date.
“It’s important for people to consider that whatever information they are sharing on social media, will live there indefinitely,” Buxton says. “Anything shared has potential value for bad actors.”
2. Fake Social Media Profiles
Your email alerts you to a new connection request from someone you’ve never met. Do you accept it to grow your network, or decline out of an abundance of caution?
Declining unknown connection or friend requests on social media networks not only limits your feeds to people you truly know, it’s also an important step in protecting your personal information from cybercriminals.
“Certainly not everyone is seeking to do harm, but I treat random friend requests the same way I treat calls from unknown numbers,” says Buxton. “I don’t respond to them.”
The threat, Buxton says, is that cybercriminals can use fake profiles to befriend social media users in order to gain access to personally identifiable information that can later be used for identity fraud.
3. Quizzes and Surveys
While finding your spirit animal or celebrity clone can be fun, quizzes and surveys on social media can be goldmines of personal information for fraudsters. Buxton said popular survey posts where users are asked a series of questions about things such as their first car, job, school etc. can be particularly dangerous because those responses are often also used as answers to security questions on password-protected accounts.
“The quizzes themselves generally aren’t malicious,” Buxton says. “It’s the answers that users are publicly sharing and asking their friends to also share that provides opportunity for cybercriminals.”
4. Social Media Tech or Customer Support
Known as angler phishing, social media users should be alert for fraudulent accounts offering customer support on behalf of a financial institution or other business. Buxton said fraudsters can seek to take advantage of disgruntled consumers by imitating legitimate customer service representatives and tricking users into sharing personal/account information or clicking on malicious links.
To avoid being hooked by angler phishing attempts, users should double check that any customer service attempts are coming from the verified and official accounts of the bank or business users want to interact with. If you’re still unsure, Buxton says, consumers can try alternatives such as phone or in-store support channels.
5. Tragedy or Disaster Fraud
Natural disasters and other large-scale tragedies often prompt well-meaning attempts to raise funds or supplies for victims through social media giving campaigns. They can also prompt cybercriminals to take advantage of people’s generosity. Mixed among the many legitimate sites offering opportunities to help are posts that will help you donate directly to a fraudster’s pocket.
It’s important that consumers research charitable organizations and verify that the site or post they are interacting with is coming from a legitimate charity before donating. In many cases, Buxton says, it is better to donate directly through an organization’s official website or phone number as opposed to posts on social media networks.
“Social media is a real opportunity for us to connect and participate in each other’s lives and careers,” Buxton says. “It’s just important to think twice and keep your guard up.”
Displaying an email address in your social media networks can be risky. “Bad guys can search the internet to find other sites and accounts linked to that address.” –Trevor Buxton
1. Social Media Fact Sheet, Pew Research Center, Feb. 2018
2. Americans’ complicated feelings about social media in an era of privacy concerns, Pew Research Center, Mar. 2018