Take a moment and ask yourself: When was the last time you changed your password? Do you still use the same password as when you were 12 because it’s the only one you probably remember? No, I’m not talking about me.
In all seriousness, social media is such an important part of how we communicate and interact online, and we all need to approach it with more caution. In this article, we explore the different ways to keep your social media accounts safe and secure. And to make sure we’re providing the most accurate advice for managing social media security, we’ve sought insight from Rafael Broshi, CEO of Notch, a social media insurance company.
When it comes to social media security, there are several types of threats that you should be aware of. Raphael says the most common scams aren’t done by hackers like Matrix in a dark room, but are usually run through a concept called “social engineering.” It breaks down the potential threats into three scams:
Security Risk 1: Emails impersonating social media platforms
The first scam, and the most common, are emails impersonating a social platform, be it Instagram, YouTube or TikTok. Here’s how this scam works:
Scammers get a large email list from valuable accounts, usually targeting accounts with at least a few thousand followers, because they understand that it could be a source of income for people, or it would just bring a lot of value because it took a long time of time grow up.
Then they send those people a generic email that says something like, “In one of your recent posts, we saw a violation of our terms of service. If you don’t fill out the following forms, you’ll be suspended for next 24 hours.”
For your part, you may receive an email from a domain that appears to have been sent from Instagram, and since the platforms use different domains to send emails, you can’t always tell if an email has been sent from real instagram just by looking at the sender. One email can be for security alerts, while another is for sending the latest offer from the platform.
A user might think that they will never fall victim to this, but a scam that is being sent to a thousand different emails will land in people’s inboxes in different situations. Maybe a hundred of those people are having a stressful day and so aren’t that vigilant, or fifty people just posted on Instagram a few seconds ago and suddenly get a terms of service violation email. Depending on the nature of the scam, it may look legitimate enough for some people to click on it.
Raphael adds that when you click on a link in a phishing email, it will send you to a website that looks exactly like the social platform with a slightly different domain (like “.net: or “tik-tok. com”).However, once you enter your username and password, you’re done.
Now, you might be wondering where two-factor authentication comes in, which is highly recommended for social media security. Well, the scammers will copy the details you enter on the fake website to the legitimate one in real time. So, if you get an email asking for your two-factor authentication code, it will think nothing of it and give you the code by putting it on the fake website.
It seems quite complicated to set up, but so simple in real time that it can happen in a few minutes.
What can you do to prevent this from happening? Look for communication from social media platforms from apps when you’re already signed in.
Using Instagram as an example, you can go into your app → go to Settings → click on “Security” → click on “Instagram Emails”. There you will see all the official communication of the platform.
Security risk 2: Phishing platforms
The second type of scam comes from accounts that have already been taken over. Raphael describes it as scammers taking over an account that already has a ton of followers and changing the name to “TikTok Support” or something similar.
If you see a direct message from an account with an official-looking name and lots of followers, you might think it’s legit.
How can you avoid this scam? No platform will send you a DM, especially one that asks for personal information. So you can safely ignore any such messages you receive.
Security risk 3: Accounts impersonating people you know
This is similar to the scam above, but involves people you already know. If one of your friends is hacked, the scammer can use their following list to take advantage of their relationship with you. What they do, as Raphael explained, is that while holding accounts for ransom, they send messages to people who have been contacted by the hacked account, asking for money or account details.
The common element in these scams is human error, which strong passwords, two-factor authentication, and password managers can’t always account for. The potential consequences of falling victim to these threats can be severe, including damage to your devices, financial loss, and even identity theft.
What can you do? Be on the lookout for messages asking for money or account details from anyone in your network. Please contact this person through another means of communication if you are not sure it is them.
What you need to know about protecting your information
In addition to protecting your accounts, it’s also important to be aware of the types of personal information that may be at risk on social media and take steps to limit the amount of personal information shared. Here are some tips to protect your personal information:
- Limit the amount of personal information shared: Be mindful of the information you share on your social media profiles, such as your address, phone number, and email address. Avoid sharing sensitive information, such as your social security number or financial information.
- Be aware of who has access to your personal information: Review your privacy settings to ensure that only people you trust can access your personal information.
Raphael stresses the importance of awareness and education about what the potential risks are so that regardless of the circumstances you find yourself in, take the time to consider what you share with others when it comes to social media.
Now that you understand the types of risks present on social media, it’s important to take steps to protect yourself.
- Limit access to your social accounts, especially if you have a large account that requires multiple people to have access to it. If your assistant or social media manager accesses your business or influencer account to post regularly, make sure they’re up to date on your account security measures.
- Set up two-factor authentication. It is an important layer of security for any internet user and should be implemented even on non-social media accounts. This guide from The Verge details how to set up 2FA for different online accounts.
- Use a password manager to generate strong passwords and keep them secure. 1Password and Bitwarden are among the managers that come highly recommended.
- Review the apps or websites that have access to your email and social accounts periodically
- Be careful about the information you provide online, even to people you communicate with regularly. If you suspect anything or anyone, check to make sure it’s really them behind the screen.
- To be be careful how you click. As we said earlier, visiting suspicious sites can open your accounts to hackers.
- Please review your privacy settings periodically to ensure that no person or application has access that they shouldn’t.
Buffer is a great way to reduce the risk of human error when it comes to your social media. You can easily configure your account with different levels of administrative access. You can also configure your system so that only certain people are allowed to post, and revoking access is simple and straightforward. Best of all, you can set up two-factor authentication so that only people with access to your computer’s password manager can access your account.
🔒 Use Buffer to manage all your social media accounts safely and securely in one place.