Stay safe on social media
Social media is a great place to meet new friends, but it’s also home to scammers who are on the hunt for potential targets and their personal information. Social media scammers can seem like real people but there are some steps you can take to spot them and protect yourself.
Recognising social media scams
Social media scams happen when someone tries to get money from you through an interaction on social media. They may say they need help due to a personal emergency, or they may recommend an investment product, or say they are buying or selling something on a social media marketplace.
If you are using social media, you may come across these scams. Although you can’t prevent them, there are things you can do to make sure you recognise one.
- Offers that seem too good to be true. If it's unbelievably cheap, a guaranteed investment, or an amazing prize (for a competition you didn't enter), then it's almost certainly a scam.
- Urgent requests. Scammers create a sense of urgency to make you act without thinking – for example, an urgent medical bill, being stranded abroad, or a stolen/broken phone.
- Typos and grammatical errors. Legitimate organisations carefully proofread their communications. Lots of errors are a red flag but remember the flip side is not true – no errors in the message, doesn't mean it's real.
- Requests for personal information or payment. Reputable companies won't ask you for passwords or banking details over social media. They will also not ask you to pay via unusual methods – such as, gift cards or cryptocurrencies.
- Unknown senders or weird accounts. Be cautious with messages from accounts you don't recognise. If the message comes from someone you know or a well-known person, check it's their real account.
How to protect yourself
-
Look after your logins
- To get to your social media accounts, use a saved link in your bookmarks or favourites, or type the name of the site into your
. Don’t use links that someone else has sent you, or links on other websites. These could lead you to fake sites set up by attackers.
The software you use to access the internet, such as Google Chrome, Microsoft Edge or Safari.
- If you use a shared or public computer or
, make sure your browser or website doesn’t save your login details. If it does, and someone else uses that device, they’ll get access to your social media accounts too.
Your phone, tablet, or computer.
- Be cautious of logging in to your social media accounts using a
or free
a way for devices with a SIM card to share their internet connection with other nearby devices, usually via WiFi
– if you’re logging on at a cafe, for example. These networks are 'untrusted'. That means others could see what you're doing when you use them.A wireless network, usually for connecting devices to the internet in a home or business. Short for 'wireless fidelity'.
- If you access your social media accounts through an
on your phone or your tablet, make sure you lock it when you’re not using it, and always log out of your account, like you do for bank websites.
A piece of software that helps you do something, usually on a mobile device. Short for 'application'.
- To get to your social media accounts, use a saved link in your bookmarks or favourites, or type the name of the site into your
-
Use strong passwords on your accounts
- Use a different password for each of your social media accounts. For example, don’t use the same password for your Facebook account as you do for Instagram. That way, if someone gets access to one of your account passwords, they won’t get easy access to your other accounts as well.
- Make your account passwords long and strong – try short sentences that are easy to remember.
Don’t use information you share on social media to create your passwords – if you share pictures of your dog online, don’t use your dog’s name as your password. - Don’t share your passwords with anyone – not even your partner, your parents, or your children.
If you’re worried about remembering all of your passwords, try using a password manager which will store and manage them for you. Then you only need to remember the login details for the password manager.
-
Add two-factor authentication
Two-factor authentication (
) adds an extra layer of protection to your social media accounts. 2FA means you need more than just a password to log in.A security setting that needs an extra piece of information, such as a text code or fingerprint, to log into your account. Short for 'two-factor authentication'.
-
Check your privacy settings
- Check the privacy settings on your social media accounts. Set them so that only your friends and family can see your full details.
- Be wary of online questionnaires and competitions – the information in your answers can be used to build a profile of you and your friends, which is then sold to companies for their targeted marketing campaigns.
- Clean up your social media profile by ‘unliking’ or unfollowing pages, and leaving groups you no longer have an interest in.
-
Be smart about making friends on social media
Only accept a friend invite from someone who:
- you know in real life, or
- you're sure is a real person, like a celebrity or public figure.
Check the profiles of celebrities, public figures and businesses are verified accounts. Verified accounts usually have a blue tick next to the account name.
If you don't want to be friends with someone, or don't want them to see what you're posting, you can block them.
-
Watch out for scams
Scammers might use social media to try to trick you into giving away your personal details, financial details, or money. When you’re using social media:
- watch out for social engineering and scams. Social engineering is when an attacker:
- gains your trust and tricks you into giving them access or information they shouldn’t have
- researches you and gets enough information to be able to either guess or reset your passwords
- be wary of opening links and attachments. Links asking you to visit another website to claim a free offer or a prize are often scams used by attackers to get hold of your personal details, or even install
, like a virus, on your device
refers to viruses and other pieces of software than can infect your devices. Short for 'malicious software'
- be cautious if a friend on social media asks you strange questions – like if they ask for personal details or for money. It could be a scammer who’s created an account to impersonate your friend, or got access to their account. If this happens, contact your friend through another channel, like over the phone or in person, and ask them about it. If it is a scam, you should be able to report the account.
- watch out for social engineering and scams. Social engineering is when an attacker:
-
What goes online, stays online
If you're posting online:
- don’t reveal too many personal details. 'About me' fields are optional – you don’t have to fill them in
- don’t share anything that could embarrass you or someone else. Only share things you’d be happy for anyone to see, or that you’d say in real life. Keep an eye on what others post about you too
- remember that anything you post online stays online, so think before you post.
-
Close your old accounts down
If you have old social media accounts that you don’t use anymore – remember Myspace? – close them down. Don’t leave your personal information out there unused and unloved.
Get help
If you think someone's got access to your social media accounts, or you think someone's targeting you on social media, your first step is to report it to the social media provider.
- Hacked and fake accounts | Facebook Help Centre(external link)
- My Instagram was Hacked | Instagram Support(external link)
- My account has been hacked | TikTok Help Center(external link)
- My account is compromised | Snapchat Support(external link)
If you made a payment to scammer, contact your bank to see if it can recover the funds for you.
If you’ve lost money or property, you can also contact the Police.