With more than half of the world’s population on some form of social media, it’s no surprise that social media scams are on the rise. The risks of social networking are very real. Studies show that active users of Facebook, Instagram, X, TikTok and Snapchat are more likely to be the victims of fraud due to increased exposure and the amount of information they share online.

What is social media scamming?

Social media scams will attempt to use your social accounts to siphon personal data, steal information from your company, take over your accounts and even transfer malware to your devices. These scams can take many forms: links posted to your pages, messages from trusted friends, or even seemingly innocent quizzes or apps.

There has been over $3.5 billion in economic losses due to social media scams, so it’s important to stay informed and aware.

What are some common social media scams?

The first step in security is education. So, what do social media cyber security threats typically look like?

  • Clickjacking: Clickjacking (or likejacking) seems fairly innocuous. Using hidden scripts, scammers can trick you into hitting “like” buttons for certain pages. This can become a concern as pages are bought or sold and loaded with malware, but Facebook has rolled out protections against the practice.
  • Phishing scams: Phishing issues in social media are similar to email-based attacks. By posing as a trusted source, a phishing scam will try to get you to click on a link and trick you into giving up personal details like passwords or bank details.
  • Identity theft: Think about how much personal information you voluntarily share on social media. Your name, your birthday, your pets, your relationships. Check your privacy settings to know just who can see it, because these personal details are a ripe target for scammers.
  • Fake apps loaded with viruses: Official app stores will verify the things available for download, but third-party app sources are the wild west. Things that connect to your social accounts or request permissions from your mobile devices have access to huge amounts of your personal data. 
  • Fake giveaways: These can be nothing more than link farms, where your data will be sold to the highest bidder after the fact. If a giveaway is only appearing on social channels and not the company’s website, or if it requires you to authorise it with a social media account, it may be a scam.
  • Applications that sell your personal information: Always check what data you’re giving up when you connect an app to a social media account. Even legitimate apps like quizzes or games include terms of service that allow them to sell your personal data, including pictures and browsing history.
  • Malicious links being sent over private messaging: If a message from a friend seems fishy, it might actually be phishy. Compromised accounts or messages from strangers can tempt you with malicious links. Be careful what you click on!

How do I spot a social media scammer?

  • An individual or company is randomly contacting you: Does a message from an individual or company seem strange or unexpected? If you weren’t expecting them to reach out about something, the message probably isn’t really from them.
  • Someone is asking for your personal information: If someone is requesting personal information, they probably don’t want it for a good reason.
  • You are receiving messages with poor grammar: Most messages from official companies will be checked for spelling and grammar. If it seems sloppy or strange, it probably is.
  • Someone is sending you to an unsecured website: All secure web links will start with “https://”. If someone is sending you to a site without that little padlock in the address bar, don’t click it.

How can I avoid being scammed on social media?

The easiest way to avoid social media scams is to be vigilant with your personal data. Here are some good rules to follow:

  • Don’t connect with anyone you don’t know on social media: Mutual friends and existing connections are a good rule of thumb. Directly connecting with someone gives them access to huge amounts of your personal information, so make sure you trust the people you accept invites from.
  • Watch out for fake and impersonation accounts: Facebook reported close to 3 billion fake accounts created in the first half of 2021. While some are easy to spot, it’s always best to make sure you know who’s on the other side of a display picture.
  • Avoid any suspicious links: If you don’t know where a link is going, don’t click it. Link shortening is a great way to disguise links to malicious websites.
  • Don’t overshare your personal information on social media: It’s more than not posting your bank details. Be careful with what you post and who can see it. Always check your privacy settings, and if you wouldn’t be comfortable with a stranger knowing it, maybe don’t post it.
  • Consider 2-factor authentication on your social media accounts: 2-factor authentication is a fantastic way to limit unauthorised logins to your accounts. Even if your passwords are compromised, you’ll need to verify new logins with codes sent to a secondary device or account. It’s also a good way to track attempted logins. If you’re getting some unexpected codes sent to you, it’s time to change your password.
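
The two link red flags named above (a link that does not start with “https://”, and a shortened link that hides its destination) can be checked automatically before a message reaches a reader. The following is an added example, not part of the original article; the shortener list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed, illustrative list of link-shortening services; extend it for your own use.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "ow.ly", "is.gd"}

# Matches links written with a scheme or as a bare "www." address.
URL_RE = re.compile(r"""\b(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)

def extract_links(message):
    """Return every URL-like token in a message, with trailing punctuation removed."""
    return [m.rstrip(".,;:!?)") for m in URL_RE.findall(message)]

def link_red_flags(url):
    """Return the red flags from the article that apply to a single link."""
    flags = []
    # A bare "www." link shows no scheme, so it is treated here as not HTTPS.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() != "https":
        flags.append("not-https")
    if host in SHORTENERS or host.removeprefix("www.") in SHORTENERS:
        flags.append("shortened-link")
    return flags

def triage_message(message):
    """Map each link found in a message to its list of red flags."""
    return {url: link_red_flags(url) for url in extract_links(message)}

# Constructed sample message, not taken from a real scam.
SAMPLE = ("You won! Claim at http://prizes.example.com/claim or vote at "
          "https://bit.ly/constructed-example. Our site is https://www.example.com/.")

if __name__ == "__main__":
    for url, flags in triage_message(SAMPLE).items():
        print(url, "->", ", ".join(flags) or "no link red flags")
```

A link with no flags is not thereby safe: HTTPS shows only that the connection is encrypted, and a scam page can use it too.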

What do I do if I get scammed on social media?

Being on the receiving end of a social media scam is never pleasant, but the name of the game is limiting the damage that a scammer can cause.

  • Contact your banks and financial institutions: The vast majority of cybercrime is financially motivated. If you suspect you’ve been the victim of a social media scam you should immediately contact your bank (or other financial institutions) and keep a watchful eye on suspicious or fraudulent transactions.
  • Report any scams to the authorities and social media services: Let the authorities and support teams of the social media platforms know if and how your account was compromised.
  • Change all your online passwords: The first and easiest port of call if you suspect you’ve been the victim of a social media scam is to update all your passwords. We recommend using a random password generator and enabling 2-factor authentication for all your accounts.
  • Tell the people you know that your account may be compromised: It’s important to let the people you’re connected with on your social network know that your account may be compromised. One of the risks of social networking is how scams can spread from “trusted” sources, so give people in your network a heads up.
  • Let your work or company know: One of the biggest social media cyber security threats comes from breaches going unreported. Because of the exponential risk and the way single breaches can impact multiple accounts and systems, it’s vital that you let your company know if you’ve been scammed.


Social media scams are becoming more and more popular because the platforms themselves are popular. As with any cyber security risk, the best first step is being informed and aware of what you’re sharing and who can access it. Remember that most breaches occur due to human error, so be on the lookout for red flags and stay safe while you connect with people online! If you’re concerned about social media scams impacting your business, please don’t hesitate to contact us or request a demo from Phriendly Phishing.