9 Ways Scammers Exploit Social Media | Information Technology | University of Pittsburgh

You are here

9 Ways Scammers Exploit Social Media

During the pandemic, social media use has exploded. From Facebook and Twitter, to TikTok and YouTube, it’s many people’s primary source of news, socializing, entertainment, or activism. It can be great! It’s also a goldmine for scammers. Phishing, social engineering, identity theft, and hacking have all moved into your feed. Stay safe on your favorite networks by avoiding these common traps.

1. All For One, and One For All (Identical Passwords)

Getting your account hacked is just embarrassing. No one wants to deal with a bunch of texts asking why you suddenly need money, and then having to send the obligatory post announcing you’ve been duped. Using the same password makes it easy to hack all your accounts at once. Use Pitt Password Manager (LastPass) to generate and store unique passwords for each one. You only have to remember one master password, and the mobile app and browser plugin auto-fill your login info. Easy, peasy.

2. Hey, Look at My Vacay Pics (Posting Travel Photos)

Now that the COVID vaccine is available and things are opening up, people are planning real vacations this summer. The temptation to show everyone where you went will be hard to resist. But it’s OK if your followers have to wait a day or two until you get home. Giving real-time updates basically says: “Hello, I am far away from my house—feel free to rob me!” Post your Insta travel story when you get back.

3. Hello World, Check Me Out (Loose Privacy Settings)

I don’t want crush your influencer vibe, but oversharing with the world is a bad idea. Your page can reveal a ton about you—where you live & work, your birthday & anniversary, your family & friends, etc. These details make it easy to commit identity fraud, break into your accounts, or work the long con. Consider making some accounts private and others public. Keep personal details off your profile and out of your posts. And don’t accept requests from people you don’t know on private accounts.

4. Have Facebook or Twitter, Will Travel (Linking to Business Sites)

Tons of apps and sites let you log in with Facebook or Twitter. Here’s the thing: Hacking social media accounts is pretty easy. If you integrate them with other sites, then getting into your social media account gives them access to synced sites, too. Just pretend this option doesn’t exist! LastPass is just as convenient, but it’s way harder to hack! To remove site integrations, log into Facebook > Settings > Business Integrations or Twitter > Settings > Security and account access > Apps and sessions.

5. I Don’t Need Security! (Not Updating Apps or Security Options)

Apps are always prompting you to install updates ... let them. It may be annoying, but those updates often include new security features or address vulnerabilities. Be sure to install security software on your devices, and keep them updated. If your account or favorite platform has the option to set up multifactor authentication, use it.

6. I Love Quizzes! (Clicking on Strange Links)

Facebook is a link trap: What’s your IQ? Who’s your celebrity look-alike? Crazy pet pics! Stay focused, Panthers. Don’t go to websites you don’t recognize or haven’t visited before—many of them are covers for delivering spyware. Avoid clicking on too-good-to-be-true ads or prize drawings where you need to provide personal financial info. Skip the get-to-know-you posts where you erase another person’s answers and list your own—they can be used to guess your security questions. If you do get sucked into a fraudulent post, block the account, and report it so the hackers can’t trick anyone else.

7. No One Else Will See This, Right? (Posting Compromising Info)

How many celebs need to go down, students expelled, or people arrested before we collectively realize that once you post something, anyone can and will see it? Social media is public and permanent. Don’t post explicit photos, make “edgy” jokes, or brag about technically-illegal pranks. If you wouldn’t want your parent, a future employer, or the police to see a post, then don’t post it! (Also, maybe just don’t do it to begin with.) You call the shots—it’s OK to ask your friends to take down something about you from their page. Cultivate an online presence that you’ll be proud of more than you cultivate likes.

8. That Person Looks Perfect (Falling for Fake Profiles)

There used to be a whole show dedicated to catfishing. Unfortunately, catfishers are still all over social media and they are really good at fooling even some of the smartest among us. Using a fake photo on a fake account under a fake name, catfishers hide behind the anonymity of the internet to cultivate a relationship with their victims. They will spend weeks, months, or even years to pull you in. If you don’t know a person IRL, you don’t know them at all, so keep it close to the vest.

9. It Must Be True—Look at All Those Likes (Believing Misinformation)

Conspiracy theories. Misinformation. Trolls and bots. It can be hard to figure out what’s true on social media. To find the truth, you need to reread and research. Read posts and news articles carefully to make sure you understand what’s being reported. Then, do a little research. Reliable fact checking sites include Snopes, Politifact, or Factcheck.org. Go directly to the source that a post claims to reference. Government sites, professional associations, and research/educational institutions are also reliable sources. Be suspicious of a major story that hasn’t been picked up by several major news organizations.   

Live Long Online and Prosper

I love me some social media time, and I know you do too. Nothing wrong with that, so long as you use a little caution to make sure your fun doesn’t turn sour. Think like a hacker before you post to keep your social media presence positive and productive.

-- By Karen Beaudway, Pitt IT Blogger