How Social Media Makes You a Target

In the 20-plus years since the first online social media platform was launched, this online medium has evolved from a place to make friends and post family photos to a forum where users promote causes, share information, and discuss ideas. While it’s exciting to be able to share ideas with a vast number of people, it can also put you at risk from online criminals. Social media makes you easy to track and easy to reach, and your social media activities can tell bad guys exactly how to trap you with their fraud schemes. To see how, let’s look at a couple of examples and then talk about how you can protect yourself.

We’ve blogged before about how social media platforms make money from their users: They use the information you unwittingly supply to them when sharing things like life updates. And then they charge advertisers for access to target audiences who best fit the demographics of their products. For example, if you post an ultrasound of your baby, the social media company might charge a diaper company to deliver ads to you and other users who are expecting babies. And that might seem benign—and sure, sometimes convenient—except that some of the companies who buy these targeted advertising slots are not legitimate advertisers but criminals who have designed very appealing fake ads to try to trick you into giving personal information or downloading malware to your device. In fact, a recent study shows that Facebook, Twitter, and other social media sites have become major centers for malware distribution and other kinds of criminal activity.

Another way social media can put you at risk from cybercrime is if the platform has a data breach. These platforms have access to your email address plus other personal information you share, which can include birthdays, anniversaries, where you live and work, family and friend relationships, and more. If there’s a breach and that personal information falls into the wrong hands, they can use it to target you with phishing campaigns. That’s exactly what experts are worried about after “ethical hackers” scraped vast amounts of user data from the social media site Parler just before it went offline in January 2021. While these hackers intended only to save the information for researchers, the data was made publicly available on the web where anyone can access it. Now security experts are predicting that former Parler users will be targeted with phishing campaigns claiming to be from Parler or from allies of the site.

Another risk of social media is account impersonation. This is when a bad actor steals an unsuspecting social media user’s account information and images to create new account which looks almost identical to the original, then re-friends people who friended or followed the original account. Then, you guessed it, they reach out to those friends to try to get personal information or money.

Finally, there’s the old-fashioned way of exploiting social media for evil. Criminals actually do troll through individuals’ social media pages looking for information they can use to target or coerce their victims.

The only 100% effective way to avoid being targeted through social media is not to use social media. But that’s not a desirable choice for many people.

Fortunately, there are things you can do to protect yourself:

• We said it before, and we’ll say it again: Be careful what you post on social media. We really can’t emphasize this enough. Yes, criminals misuse the information you reveal, but potential employers, landlords, romantic partners, and others are also looking at social media to vet prospects. Not to mention that law enforcement agencies can also use social media to investigate criminals and their associates, so be careful when approving friend requests. The best rule of thumb: if you don’t recognize them, there’s no need to add them to your network.
• Tighten up privacy settings on your devices, browsers, and social media accounts. Take advantage of settings that prevent tracking and ones that limit who can see the information you post.
• Never reuse passwords between social media and other accounts. (This is a bad practice that phishers love to exploit.)
• Use a tracking blocker like the one included with IDX Privacy to detect and stop trackers on social media and other websites from gathering information on your online activities.
• If you’re an IDX Privacy or IDX Premier member, you can use SocialSentry™ to receive alerts when suspicious or inappropriate activities are connected to your Facebook profiles. That way you can stop someone posting information that could harm your reputation or trying to use your social media to target other people for fraud.
• Don’t click on ads that you see on social media. If you see something interesting, note the URL and search on the product yourself. That way you won’t end up on a spoofed website for a real product. And if your search doesn’t turn up anything at all, you know the ad was bogus.
• Consider getting an ad blocker to stop pop-up ads that might be malicious.
• Be wary of unexpected emails or instant messages, especially ones that appeal to interests, causes, or passions you’ve expressed on social media. Phishers are becoming more and more clever at social engineering—using emotions such as fear, excitement, or just eagerness for a bargain to get us to click without thinking.

As a recent Cyware alert observed, “social media platforms attract criminals like a corpse attracts vultures.” It’s not a pretty picture, but it’s true: for all the fun that online socializing brings, there are dangers lurking around every friend request, every ad you view and post you share. So, you need to keep your wits about you and use every tool available to avoid becoming roadkill for the social media vultures.