Your social media posts are a treasure trove of valuable information. Your public contact list alone can help a criminal: The list of names connected to your public social media accounts is enough for a scammer to impersonate a family member or a friend with a spear phishing email. In the email, the scammer tries to convince you to reveal private information such as industry secrets, login credentials, credit or debit card numbers, or embarrassing personal information.

Give strangers less access to your personal life by trying these seven steps for locking down your social media activity:

1. Evaluate Your Privacy Settings

Your Instagram account is public by default, so anyone can see your posts. Set your account to “private” so only approved followers can see your posts, comment, and send direct messages (Settings and privacy > Account privacy > Private account). You can’t hide your profile pictures or cover photos on Facebook, but you can hide almost everything else from people who aren’t on your friends list by tweaking the platform’s elaborate privacy settings.

2. Use a Password Manager and Enable MFA

One of the easiest ways to prevent unwanted logins on your accounts is to keep your login credentials in a password manager and enable multi-factor authentication (MFA) for your accounts. Facebook and Instagram offer a few kinds of authentication, but I recommend using a mobile authenticator app such as Authy.

3. Keep Track of Third-Party Apps

You might have many third-party applications connected to your social media accounts. For example, on Instagram, you can see which apps and websites are connected by visiting the Settings section of your account profile and navigating to a section labeled “Apps and Websites.” If you see one you do not recognize, it could be a malicious app spying on your online activity. Review the list and delete any you don’t use frequently or don’t remember installing.

4. Buy Only From Verified Profiles and Brand Accounts

Before purchasing anything via a social media platform, verify the seller’s account. Legitimate brands on Instagram and Facebook are verified by the platform and have a blue circle checkmark next to their names.

5. Perform Quarterly Name Searches

Impersonation can happen to anyone. To avoid the damage of someone using your name, photos, or other personal information against you or your social network, make a habit of searching Facebook and Instagram for your name. It takes just a minute, and it’s an easy way to identify and report impostor accounts.

6. Decline Friend Requests From Strangers

Not everyone wants to be your friend. Don’t accept friend requests from people you don’t know. The more strangers in your friends list, the higher the risk you will be approached with a scam.

7. Ignore Suspicious Links and Unsolicited Messages

Whether in an email or a private message, avoid clicking on unsolicited videos or links—even when you recognize the sender’s name. If you think a friend sent you something, double-check with them via phone or text before clicking the link. Be especially wary of messages containing phrases such as, “OMG! Is this you?” or “Have you seen this yet?!”

You don’t have to stop posting on your favorite social platform, but it is wise to limit the information posted to your public feed. You don’t know who is reading your words or viewing your photos.

Your employees are your first and primary line of defense against online crime. Let us provide you with a full picture of your company’s security posture and potential risk, so the employees who were the weakest link in your defense can become its strongest point of protection. Contact us at (732) 780-8615 or email us at [email protected].


Kim Key, “How to Avoid Scammers on Social Media”, pcmag.com, March 9, 2023
